Jump to content

Internet privacy: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
more direct link
See also: sorted alphabetically
 
(14 intermediate revisions by 11 users not shown)
Line 4: Line 4:
Privacy can entail either [[personally identifiable information]] (PII) or non-PII information such as a site visitor's behavior on a website. PII refers to any information that can be used to identify an individual. For example, age and [[physical address]] alone could identify who an individual is without explicitly disclosing their name, as these two parameters are unique enough to identify a specific person typically. Other forms of PII may include [[Global Positioning System|GPS]] [[GPS tracking unit|tracking]] data used by apps,<ref>{{Cite web |date=October 18, 2022 |title=The new meaning of PII — can you ever be anonymous?: Case study: Is GPS data personal data? |url=https://venturebeat.com/data-infrastructure/the-new-meaning-of-pii-can-you-ever-be-anonymous/}}</ref> as the daily commute and routine information can be enough to identify an individual.<ref>{{Cite news|url=https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html|title=Your Apps Know Where You Were Last Night, and They're Not Keeping It Secret|last1=Valentino-DeVries|first1=Jennifer|date=2018-12-10|work=The New York Times|access-date=2019-04-03|last2=Singer|first2=Natasha|issn=0362-4331|last3=Keller|first3=Michael H.|last4=Krolik|first4=Aaron|archive-date=2019-04-03|archive-url=https://web.archive.org/web/20190403053127/https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html|url-status=live}}</ref>
Privacy can entail either [[personally identifiable information]] (PII) or non-PII information such as a site visitor's behavior on a website. PII refers to any information that can be used to identify an individual. For example, age and [[physical address]] alone could identify who an individual is without explicitly disclosing their name, as these two parameters are unique enough to identify a specific person typically. Other forms of PII may include [[Global Positioning System|GPS]] [[GPS tracking unit|tracking]] data used by apps,<ref>{{Cite web |date=October 18, 2022 |title=The new meaning of PII — can you ever be anonymous?: Case study: Is GPS data personal data? |url=https://venturebeat.com/data-infrastructure/the-new-meaning-of-pii-can-you-ever-be-anonymous/}}</ref> as the daily commute and routine information can be enough to identify an individual.<ref>{{Cite news|url=https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html|title=Your Apps Know Where You Were Last Night, and They're Not Keeping It Secret|last1=Valentino-DeVries|first1=Jennifer|date=2018-12-10|work=The New York Times|access-date=2019-04-03|last2=Singer|first2=Natasha|issn=0362-4331|last3=Keller|first3=Michael H.|last4=Krolik|first4=Aaron|archive-date=2019-04-03|archive-url=https://web.archive.org/web/20190403053127/https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html|url-status=live}}</ref>


It has been suggested that the "appeal of online services is to broadcast personal information on purpose."<ref>{{cite journal |last=Pogue |first=David |date=January 2011 |title=Don't Worry about Who's watching |journal=[[Scientific American]] |volume=304 |issue=1 |page=32 |doi=10.1038/scientificamerican0111-32|pmid=21265322 |bibcode=2011SciAm.304a..32P }}</ref> On the other hand, in his essay "The Value of Privacy", [[Computer security|security]] expert [[Bruce Schneier]] says, "Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of [[surveillance]]."<ref>{{cite web |url=https://www.schneier.com/blog/archives/2006/05/the_value_of_pr.html |title=The Value of Privacy by Bruce Schneier |publisher=Schneier.com |access-date=2015-02-09 |archive-date=2022-05-02 |archive-url=https://web.archive.org/web/20220502142324/https://www.schneier.com/blog/archives/2006/05/the_value_of_pr.html |url-status=live }}</ref><ref>{{cite news |author=Bruce Schneier |url=http://archive.wired.com/politics/security/commentary/securitymatters/2006/05/70886 |title=The Eternal Value of Privacy by Bruce Schneier |publisher=Wired.com |date=May 18, 2006 |access-date=2016-07-19 |archive-date=2017-05-10 |archive-url=https://web.archive.org/web/20170510181309/http://archive.wired.com/politics/security/commentary/securitymatters/2006/05/70886 |url-status=live }}</ref>
It has been suggested that the "appeal of online services is to broadcast personal information on purpose."<ref>{{cite journal |last=Pogue |first=David |date=January 2011 |title=Don't Worry about Who's watching |journal=[[Scientific American]] |volume=304 |issue=1 |page=32 |doi=10.1038/scientificamerican0111-32|pmid=21265322 |bibcode=2011SciAm.304a..32P }}</ref> On the other hand, in [[Computer security|security]] expert [[Bruce Schneier]]'s essay entitled, "The Value of Privacy", he says, "Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of [[surveillance]]."<ref>{{cite web |url=https://www.schneier.com/blog/archives/2006/05/the_value_of_pr.html |title=The Value of Privacy by Bruce Schneier |publisher=Schneier.com |access-date=2015-02-09 |archive-date=2022-05-02 |archive-url=https://web.archive.org/web/20220502142324/https://www.schneier.com/blog/archives/2006/05/the_value_of_pr.html |url-status=live }}</ref><ref>{{cite news |author=Bruce Schneier |url=http://archive.wired.com/politics/security/commentary/securitymatters/2006/05/70886 |title=The Eternal Value of Privacy by Bruce Schneier |publisher=Wired.com |date=May 18, 2006 |access-date=2016-07-19 |archive-date=2017-05-10 |archive-url=https://web.archive.org/web/20170510181309/http://archive.wired.com/politics/security/commentary/securitymatters/2006/05/70886 |url-status=live }}</ref>


==Levels of privacy==
==Levels of privacy==
Line 72: Line 72:
===Evercookies===
===Evercookies===
{{Main|Zombie cookie|Evercookie}}
{{Main|Zombie cookie|Evercookie}}
[[Evercookie]]s, created by [[Samy Kamkar]],<ref>{{cite news |title=Apple, Google Collect User Data |url=https://online.wsj.com/news/articles/SB10001424052748703983704576277101723453610 |access-date=26 May 2014 |newspaper=The Wall Street Journal |date=April 22, 2011 |author=Julia Angwin |author-link=Julia Angwin |author2=Jennifer Valentino-DeVries |archive-date=30 March 2014 |archive-url=https://web.archive.org/web/20140330021752/http://online.wsj.com/news/articles/SB10001424052748703983704576277101723453610 |url-status=live }}</ref><ref>{{cite news |title='Evercookie' is one cookie you don't want to bite |url=http://technolog.msnbc.msn.com/_news/2010/09/22/5157641-evercookie-is-one-cookie-you-dont-want-to-bite |archive-url=https://web.archive.org/web/20111223153605/http://technolog.msnbc.msn.com/_news/2010/09/22/5157641-evercookie-is-one-cookie-you-dont-want-to-bite |archive-date=2011-12-23 |date=September 20, 2010 }}</ref> are JavaScript-based applications which produce cookies in a web browser that actively "resist" deletion by redundantly copying themselves in different forms on the user's machine (e.g., Flash Local Shared Objects, various HTML5 storage mechanisms, window.name caching, etc.), and resurrecting copies that are missing or expired. Evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. It has the ability to store cookies in over ten types of storage mechanisms so that once they are on one's computer they will never be gone. Additionally, if Evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.<ref>Schneier</ref> Evercookies are one type of zombie cookie. However, modern browsers and anti-malware software can now block or detect and remove such cookies.
[[Evercookie]], created by [[Samy Kamkar]],<ref>{{cite news |title=Apple, Google Collect User Data |url=https://online.wsj.com/news/articles/SB10001424052748703983704576277101723453610 |access-date=26 May 2014 |newspaper=The Wall Street Journal |date=April 22, 2011 |author=Julia Angwin |author-link=Julia Angwin |author2=Jennifer Valentino-DeVries |archive-date=30 March 2014 |archive-url=https://web.archive.org/web/20140330021752/http://online.wsj.com/news/articles/SB10001424052748703983704576277101723453610 |url-status=live }}</ref><ref>{{cite news |title='Evercookie' is one cookie you don't want to bite |url=http://technolog.msnbc.msn.com/_news/2010/09/22/5157641-evercookie-is-one-cookie-you-dont-want-to-bite |archive-url=https://web.archive.org/web/20111223153605/http://technolog.msnbc.msn.com/_news/2010/09/22/5157641-evercookie-is-one-cookie-you-dont-want-to-bite |archive-date=2011-12-23 |date=September 20, 2010 }}</ref> is a JavaScript-based application which produces cookies in a web browser that actively "resist" deletion by redundantly copying themselves in different forms on the user's machine (e.g., Flash Local Shared Objects, various HTML5 storage mechanisms, window.name caching, etc.), and resurrecting copies that are missing or expired. Evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. It has the ability to store cookies in over ten types of storage mechanisms so that once they are on one's computer they will never be gone. Additionally, if Evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.<ref>Schneier</ref> Evercookies are a type of zombie cookie. However, modern browsers and anti-malware software can now block or detect and remove such cookies.


====Anti-fraud uses====
====Anti-fraud uses====
Line 78: Line 78:


====Advertising uses====
====Advertising uses====
There is controversy over where the line should be drawn on the use of this technology. Cookies store unique identifiers on a person's computer that are used to predict what one wants. Many advertisement companies want to use this technology to track what their customers are looking at online. This is known as online [[behavioural advertising]] which allows advertisers to keep track of the consumer's website visits to personalize and target advertisements.<ref>{{Cite journal|doi=10.1080/00913367.2017.1339368 |title=Online Behavioral Advertising: A Literature Review and Research Agenda|journal = Journal of Advertising |volume=46 |issue=3 |pages=363–376 |year=2017 |last1=Boerman |first1=Sophie C. |last2=Kruikemeier |first2=Sanne |last3=Zuiderveen Borgesius |first3=Frederik J.|doi-access=free }}</ref> Ever-cookies enable advertisers to continue to track a customer regardless of whether their cookies are deleted or not. Some companies are already using this technology but the ethics are still being widely debated.
There is controversy over where the line should be drawn on the use of this technology. Cookies store unique identifiers on a person's computer that are used to predict what one wants. Many advertisement companies want to use this technology to track what their customers are looking at online. This is known as online [[behavioural advertising]] which allows advertisers to keep track of the consumer's website visits to personalize and target advertisements.<ref>{{Cite journal|doi=10.1080/00913367.2017.1339368 |title=Online Behavioral Advertising: A Literature Review and Research Agenda|journal = Journal of Advertising |volume=46 |issue=3 |pages=363–376 |year=2017 |last1=Boerman |first1=Sophie C. |last2=Kruikemeier |first2=Sanne |last3=Zuiderveen Borgesius |first3=Frederik J.|doi-access=free |hdl=11245.1/30b8da2b-de05-4ad9-8e43-ce05eda657e5 |hdl-access=free }}</ref> Ever-cookies enable advertisers to continue to track a customer regardless of whether their cookies are deleted or not. Some companies are already using this technology but the ethics are still being widely debated.


====Criticism====
====Criticism====
Line 156: Line 156:


===Internet service providers===
===Internet service providers===
Internet users obtain Internet access through an [[Internet service provider]] (ISP). All data transmitted to and from users must pass through the ISP. Thus, an ISP has the potential to observe users' activities on the Internet. ISPs can breach personal information such as transaction history, search history, and social media profiles of users. Hackers could use this opportunity to hack ISPs and obtain sensitive information of victims.
Internet users obtain Internet access through an [[Internet service provider]] (ISP). All data transmitted to and from users must pass through the ISP. Thus, an ISP has the potential to observe users' activities on the Internet. ISPs can breach personal information such as transaction history, search history, and social media profiles of users. Hackers could use this opportunity to hack ISPs and obtain sensitive information of victims. However, ISPs are usually prohibited from participating in such activities due to legal, ethical, business, or technical reasons.

However, ISPs are usually prohibited from participating in such activities due to legal, ethical, business, or technical reasons.


Normally ISPs do collect at least ''some'' information about the consumers using their services. From a privacy standpoint, ISPs would ideally collect only as much information as they require in order to provide Internet connectivity (IP address, billing information if applicable, etc.).
Normally ISPs do collect at least ''some'' information about the consumers using their services. From a privacy standpoint, ISPs would ideally collect only as much information as they require in order to provide Internet connectivity (IP address, billing information if applicable, etc.).
Line 180: Line 178:


Besides elevating privacy concerns, HTML5 also adds a few tools to enhance user privacy. A mechanism is defined whereby user agents can share blacklists of domains that should not be allowed to access web storage.<ref name="PrivacyWHATWG" /> [[Content Security Policy]] is a proposed standard whereby sites may assign privileges to different domains, enforcing harsh limitations on JavaScript use to mitigate [[cross-site scripting]] attacks. HTML5 also adds HTML templating and a standard HTML parser which replaces the various parsers of web browser vendors. These new features formalize previously inconsistent implementations, reducing the number of vulnerabilities though not eliminating them entirely.<ref>{{cite web |last=Hill |first=Brad |title=HTML5 Security Realities |url=http://www.slideshare.net/BradHill2/w3-conf-hillhtml5securityrealities |access-date=23 February 2013 |date=February 2013 |quote=Rich web apps are not new, and HTML5 offers big security improvements compared to the proprietary plugin technologies it's actually replacing. |archive-date=26 February 2013 |archive-url=https://web.archive.org/web/20130226025622/http://www.slideshare.net/BradHill2/w3-conf-hillhtml5securityrealities |url-status=live }}</ref><ref>{{cite web |title=HTML Templates |url=https://dvcs.w3.org/hg/webcomponents/raw-file/tip/spec/templates/index.html |publisher=W3C |access-date=23 February 2013 |date=23 February 2013 |archive-url=https://web.archive.org/web/20130310163433/https://dvcs.w3.org/hg/webcomponents/raw-file/tip/spec/templates/index.html |archive-date=2013-03-10 |url-status=dead }}</ref>
Besides elevating privacy concerns, HTML5 also adds a few tools to enhance user privacy. A mechanism is defined whereby user agents can share blacklists of domains that should not be allowed to access web storage.<ref name="PrivacyWHATWG" /> [[Content Security Policy]] is a proposed standard whereby sites may assign privileges to different domains, enforcing harsh limitations on JavaScript use to mitigate [[cross-site scripting]] attacks. HTML5 also adds HTML templating and a standard HTML parser which replaces the various parsers of web browser vendors. These new features formalize previously inconsistent implementations, reducing the number of vulnerabilities though not eliminating them entirely.<ref>{{cite web |last=Hill |first=Brad |title=HTML5 Security Realities |url=http://www.slideshare.net/BradHill2/w3-conf-hillhtml5securityrealities |access-date=23 February 2013 |date=February 2013 |quote=Rich web apps are not new, and HTML5 offers big security improvements compared to the proprietary plugin technologies it's actually replacing. |archive-date=26 February 2013 |archive-url=https://web.archive.org/web/20130226025622/http://www.slideshare.net/BradHill2/w3-conf-hillhtml5securityrealities |url-status=live }}</ref><ref>{{cite web |title=HTML Templates |url=https://dvcs.w3.org/hg/webcomponents/raw-file/tip/spec/templates/index.html |publisher=W3C |access-date=23 February 2013 |date=23 February 2013 |archive-url=https://web.archive.org/web/20130310163433/https://dvcs.w3.org/hg/webcomponents/raw-file/tip/spec/templates/index.html |archive-date=2013-03-10 |url-status=dead }}</ref>

===Uploaded file metadata===
Embedded [[metadata]] in files uploaded to the internet can divulge privacy compromising data. For example, most digital cameras and smartphones automatically embed image metadata, such as [[Exif]], which includes the geographical location where the photo has been taken. If the photo has been taken at the photographer's house, his address and identity could be revealed.

This problem can be mitigated by removing metadata from files before uploading them to the internet using a [[metadata removal tool]].


===Big data===
===Big data===
Line 299: Line 302:
[[File:Jeff Flake official Senate photo (cropped).jpg|thumb|right|US Republican senator [[Jeff Flake]] spearheaded an effort to pass legislation allowing ISPs and tech firms to sell private customer information, such as their browsing history, without consent.]]
[[File:Jeff Flake official Senate photo (cropped).jpg|thumb|right|US Republican senator [[Jeff Flake]] spearheaded an effort to pass legislation allowing ISPs and tech firms to sell private customer information, such as their browsing history, without consent.]]


With the [[Republican party of the United States|Republicans]] in control of all three branches of the U.S. government, [[Lobbying in the United States|lobbyists]] for Internet service providers (ISPs) and tech firms persuaded lawmakers to dismantle regulations to protect privacy which had been made during the [[Presidency of Barack Obama|Obama administration]]. These FCC rules had required ISPs to get "explicit consent" before gathering and selling their private Internet information, such as the consumers' browsing histories, locations of businesses visited and applications used.<ref name="Kindy-2017"/> Trade groups wanted to be able to sell this information for profit.<ref name="Kindy-2017"/> Lobbyists persuaded Republican senator [[Jeff Flake]] and Republican representative [[Marsha Blackburn]] to sponsor legislation to dismantle Internet privacy rules; Flake received $22,700 in donations and Blackburn received $20,500 in donations from these trade groups.<ref name="Kindy-2017"/> On March 23, 2017, abolition of these privacy protections passed on a narrow party-line vote.<ref name="Kindy-2017">{{cite web | last=Kindy | first=Kimberly | title=How Congress dismantled federal Internet privacy rules | website=Washington Post | date=2017-05-30 | url=https://www.washingtonpost.com/politics/how-congress-dismantled-federal-internet-privacy-rules/2017/05/29/7ad06e14-2f5b-11e7-8674-437ddb6e813e_story.html |archive-url=https://web.archive.org/web/20170730030722/https://www.washingtonpost.com/politics/how-congress-dismantled-federal-internet-privacy-rules/2017/05/29/7ad06e14-2f5b-11e7-8674-437ddb6e813e_story.html?wpisrc=nl_evening&wpmm=1 |archive-date=2017-07-30 |url-status=live}}</ref> In June 2018, California passed the law restricting companies from sharing [[user data]] without permission. Also, users would be informed to whom the data is being sold and why. On refusal to sell the data, companies are allowed to charge a little higher to these consumers.<ref>{{Cite news|url=https://money.cnn.com/2018/06/28/technology/california-consumer-privacy-act/index.html|title=California passes strictest online privacy law in the country|last=Kelly|first=Heather|work=CNNMoney|access-date=2018-06-29|archive-date=2022-02-19|archive-url=https://web.archive.org/web/20220219195658/https://money.cnn.com/2018/06/28/technology/california-consumer-privacy-act/index.html|url-status=live}}</ref><ref>{{Cite news|url=https://www.usatoday.com/story/tech/2018/06/28/california-lawmakers-pass-tough-new-online-privacy-rules-could-model-other-states/743397002/|title=California passes nation's toughest online privacy law|work=USA TODAY|access-date=2018-06-29|archive-date=2018-06-28|archive-url=https://web.archive.org/web/20180628230236/https://www.usatoday.com/story/tech/2018/06/28/california-lawmakers-pass-tough-new-online-privacy-rules-could-model-other-states/743397002/|url-status=live}}</ref><ref>{{cite magazine|url=http://time.com/5326166/california-approves-data-privacy-law/|title=California Passes A Sweeping New Data Privacy Law|magazine=Time|access-date=2018-06-29|archive-url=https://web.archive.org/web/20180703031105/http://time.com/5326166/california-approves-data-privacy-law/|archive-date=2018-07-03|url-status=dead}}</ref>
With the [[Republican party of the United States|Republicans]] in control of all three branches of the U.S. government, [[Lobbying in the United States|lobbyists]] for Internet service providers (ISPs) and tech firms persuaded lawmakers to dismantle regulations to protect privacy which had been made during the [[Presidency of Barack Obama|Obama administration]]. These FCC rules had required ISPs to get "explicit consent" before gathering and selling their private Internet information, such as the consumers' browsing histories, locations of businesses visited and applications used.<ref name="Kindy-2017"/> Trade groups wanted to be able to sell this information for profit.<ref name="Kindy-2017"/> Lobbyists persuaded Republican senator [[Jeff Flake]] and Republican representative [[Marsha Blackburn]] to sponsor legislation to dismantle Internet privacy rules; Flake received $22,700 in donations and Blackburn received $20,500 in donations from these trade groups.<ref name="Kindy-2017"/> On March 23, 2017, abolition of these privacy protections passed on a narrow party-line vote.<ref name="Kindy-2017">{{cite news | last=Kindy | first=Kimberly | title=How Congress dismantled federal Internet privacy rules | newspaper=Washington Post | date=2017-05-30 | url=https://www.washingtonpost.com/politics/how-congress-dismantled-federal-internet-privacy-rules/2017/05/29/7ad06e14-2f5b-11e7-8674-437ddb6e813e_story.html |archive-url=https://web.archive.org/web/20170730030722/https://www.washingtonpost.com/politics/how-congress-dismantled-federal-internet-privacy-rules/2017/05/29/7ad06e14-2f5b-11e7-8674-437ddb6e813e_story.html?wpisrc=nl_evening&wpmm=1 |archive-date=2017-07-30 |url-status=live}}</ref> In June 2018, California passed the law restricting companies from sharing [[user data]] without permission. Also, users would be informed to whom the data is being sold and why. On refusal to sell the data, companies are allowed to charge a little higher to these consumers.<ref>{{Cite news|url=https://money.cnn.com/2018/06/28/technology/california-consumer-privacy-act/index.html|title=California passes strictest online privacy law in the country|last=Kelly|first=Heather|work=CNNMoney|access-date=2018-06-29|archive-date=2022-02-19|archive-url=https://web.archive.org/web/20220219195658/https://money.cnn.com/2018/06/28/technology/california-consumer-privacy-act/index.html|url-status=live}}</ref><ref>{{Cite news|url=https://www.usatoday.com/story/tech/2018/06/28/california-lawmakers-pass-tough-new-online-privacy-rules-could-model-other-states/743397002/|title=California passes nation's toughest online privacy law|work=USA TODAY|access-date=2018-06-29|archive-date=2018-06-28|archive-url=https://web.archive.org/web/20180628230236/https://www.usatoday.com/story/tech/2018/06/28/california-lawmakers-pass-tough-new-online-privacy-rules-could-model-other-states/743397002/|url-status=live}}</ref><ref>{{cite magazine|url=http://time.com/5326166/california-approves-data-privacy-law/|title=California Passes A Sweeping New Data Privacy Law|magazine=Time|access-date=2018-06-29|archive-url=https://web.archive.org/web/20180703031105/http://time.com/5326166/california-approves-data-privacy-law/|archive-date=2018-07-03|url-status=dead}}</ref>


==Legal threats==
==Legal threats==
Line 305: Line 308:


Specific examples:
Specific examples:
* Following a decision by the [[Council of the European Union|European Union's council of ministers]] in Brussels, in January 2009, the UK's [[Home Office]] adopted a plan to allow police to access the contents of individuals' computers without a warrant. The process, called "remote searching", allows one party, at a remote location, to examine another's hard drive and Internet traffic, including email, browsing history and websites visited. Police across the EU are now permitted to request that the British police conduct a remote search on their behalf. The search can be granted, and the material turned over and used as evidence, on the basis of a senior officer believing it necessary to prevent a serious crime. Opposition [[Member of Parliament (United Kingdom)|MPs]] and civil liberties advocates are concerned about this move toward widening surveillance and its possible impact on personal privacy. [[Shami Chakrabarti]], director of the human rights group [[Liberty (advocacy group)|Liberty]], said "The public will want this to be controlled by new legislation and judicial authorization. Without those safeguards it's a devastating blow to any notion of personal privacy."<ref>{{cite news |url=http://www.timesonline.co.uk/tol/news/politics/article5439604.ece |title=Police set to step up hacking of home PCs |publisher=Timesonline.co.uk |access-date=2011-11-25 |location=London |url-access=subscription |archive-date=2011-09-29 |archive-url=https://web.archive.org/web/20110929011940/http://www.timesonline.co.uk/tol/news/politics/article5439604.ece |url-status=live }}</ref>
* Following a decision by the [[Council of the European Union|European Union's council of ministers]] in Brussels, in January 2009, the UK's [[Home Office]] adopted a plan to allow police to access the contents of individuals' computers without a warrant. The process, called "remote searching", allows one party, at a remote location, to examine another's hard drive and Internet traffic, including email, browsing history and websites visited. Police across the EU are now permitted to request that the British police conduct a remote search on their behalf. The search can be granted, and the material turned over and used as evidence, on the basis of a senior officer believing it necessary to prevent a serious crime. Opposition [[Member of Parliament (United Kingdom)|MPs]] and civil liberties advocates are concerned about this move toward widening surveillance and its possible impact on personal privacy. [[Shami Chakrabarti]], director of the human rights group [[Liberty (advocacy group)|Liberty]], said "The public will want this to be controlled by new legislation and judicial authorization. Without those safeguards it's a devastating blow to any notion of personal privacy."<ref>{{cite news |url=http://www.timesonline.co.uk/tol/news/politics/article5439604.ece |title=Police set to step up hacking of home PCs |publisher=Timesonline.co.uk |access-date=2011-11-25 |location=London |url-access=subscription |archive-date=2011-09-29 |archive-url=https://web.archive.org/web/20110929011940/http://www.timesonline.co.uk/tol/news/politics/article5439604.ece |url-status=dead }}</ref>
* The FBI's [[Magic Lantern (spyware)|Magic Lantern]] software program was the topic of much debate when it was publicized in November 2001. Magic Lantern is a [[Trojan horse (computing)|Trojan Horse]] program that logs users' keystrokes, rendering encryption useless to those infected.<ref>{{cite web |url=http://www.rumormillnews.com/cgi-bin/archive.cgi?noframes;read=15391 |title=FBI 'Lantern' Software Does Log Keystrokes |publisher=Rumormillnews.com |access-date=2011-11-25 |archive-url=https://web.archive.org/web/20120623023322/http://www.rumormillnews.com/cgi-bin/archive.cgi?noframes;read=15391 |archive-date=2012-06-23 |url-status=dead }}</ref>
* The FBI's [[Magic Lantern (spyware)|Magic Lantern]] software program was the topic of much debate when it was publicized in November 2001. Magic Lantern is a [[Trojan horse (computing)|Trojan Horse]] program that logs users' keystrokes, rendering encryption useless to those infected.<ref>{{cite web |url=http://www.rumormillnews.com/cgi-bin/archive.cgi?noframes;read=15391 |title=FBI 'Lantern' Software Does Log Keystrokes |publisher=Rumormillnews.com |access-date=2011-11-25 |archive-url=https://web.archive.org/web/20120623023322/http://www.rumormillnews.com/cgi-bin/archive.cgi?noframes;read=15391 |archive-date=2012-06-23 |url-status=dead }}</ref>


Line 314: Line 317:
{{div col|colwidth=28em}}
{{div col|colwidth=28em}}
* [[Anonymous blogging]]
* [[Anonymous blogging]]
* [[Anonymous P2P]]
* [[Anonymous post]]
* [[Anonymous post]]
* [[Anonymous P2P]]
* [[Anonymous remailer]]
* [[Anonymous remailer]]
* [[Tor (network)|Anonymous web browsing]]
* [[Tor (network)|Anonymous web browsing]]
* [[Canadian privacy law]]
* [[Computer and network surveillance]]
* [[Digital footprint]]
* [[Digital footprint]]
* [[Data Protection Directive|European Union Data Protection Directive]]
* [[Internet censorship]]
* [[Internet censorship]]
* [[Location-based service#Privacy issues]]
* [[Location-based service#Privacy issues]]
* [[Mass surveillance]]
* [[PRISM (surveillance program)| PRISM surveillance program]]
* [[Privacy-enhancing technologies]]
* [[Privacy-enhancing technologies]]
* [[PRISM (surveillance program)|PRISM]]
* [[Privacy concerns with social networking services]]
* [[Spatial cloaking]]
* [[Right to be forgotten]]
* [[Privacy in Australian law]]
* [[Privacy in Australian law]]
* [[Canadian privacy law]]
* [[Data Protection Directive|European Union Data Protection Directive]]
* [[Privacy in English law]]
* [[Privacy in English law]]
* [[Data protection (privacy) laws in Russia|Privacy laws in Russia]]
* [[Data protection (privacy) laws in Russia|Privacy laws in Russia]]
* [[Privacy laws of the United States]]
* [[Privacy laws of the United States]]
* [[Privacy software]]
* [[Computer and network surveillance]]
* [[Privacy concerns with social networking services]]
* [[Mass surveillance]]
* [[Right to be forgotten]]
* [[Search engine privacy]]
* [[Search engine privacy]]
* [[Spatial cloaking]]
* [[Wire data]]
* [[Wire data]]
{{div col end}}
{{div col end}}

Latest revision as of 19:22, 30 October 2024

Internet privacy involves the right or mandate of personal privacy concerning the storage, re-purposing, provision to third parties, and display of information pertaining to oneself via the Internet.[1][2] Internet privacy is a subset of data privacy. Privacy concerns have been articulated from the beginnings of large-scale computer sharing[3] and especially relate to mass surveillance.[4]

Privacy can entail either personally identifiable information (PII) or non-PII information such as a site visitor's behavior on a website. PII refers to any information that can be used to identify an individual. For example, age and physical address alone could identify who an individual is without explicitly disclosing their name, as these two parameters are unique enough to identify a specific person typically. Other forms of PII may include GPS tracking data used by apps,[5] as the daily commute and routine information can be enough to identify an individual.[6]

It has been suggested that the "appeal of online services is to broadcast personal information on purpose."[7] On the other hand, in security expert Bruce Schneier's essay entitled, "The Value of Privacy", he says, "Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance."[8][9]

Levels of privacy

[edit]

Internet and digital privacy are viewed differently from traditional expectations of privacy. Internet privacy is primarily concerned with protecting user information. Law Professor Jerry Kang explains that the term privacy expresses space, decision, and information.[10] In terms of space, individuals have an expectation that their physical spaces (e.g. homes, cars) not be intruded. Information privacy is in regard to the collection of user information from a variety of sources.[10]

In the United States, the 1997 Information Infrastructure Task Force (IITF) created under President Clinton defined information privacy as "an individual's claim to control the terms under which personal information — information identifiable to the individual — is acquired, disclosed, and used."[11] At the end of the 1990s, with the rise of the Internet, it became clear that governments, companies, and other organizations would need to abide by new rules to protect individuals' privacy. With the rise of the Internet and mobile networks, Internet privacy is a daily concern for users[citation needed].

People with only a casual concern for Internet privacy do not need to achieve total anonymity. Internet users may protect their privacy through controlled disclosure of personal information. The revelation of IP addresses, non-personally-identifiable profiling, and similar information might become acceptable trade-offs for the convenience that users could otherwise lose using the workarounds needed to suppress such details rigorously. On the other hand, some people desire much stronger privacy. In that case, they may try to achieve Internet anonymity to ensure privacy — use of the Internet without giving any third parties the ability to link Internet activities to personally-identifiable information of the Internet user. In order to keep their information private, people need to be careful with what they submit and look at online. When filling out forms and buying merchandise, information is tracked and because it is not private, some companies send Internet users spam and advertising on similar products.

There are also several governmental organizations that protect an individual's privacy and anonymity on the Internet, to a point. In an article presented by the FTC, in October 2011, a number of pointers were brought to attention that help an individual Internet user avoid possible identity theft and other cyber-attacks. Preventing or limiting the usage of Social Security numbers online, being wary and respectful of emails including spam messages, being mindful of personal financial details, creating and managing strong passwords, and intelligent web-browsing behaviours are recommended, among others.[12]

Posting things on the Internet can be harmful or expose people to malicious attacks. Some information posted on the Internet persists for decades, depending on the terms of service, and privacy policies of particular services offered online. This can include comments written on blogs, pictures, and websites, such as Facebook and X (formerly Twitter). Once it is posted, anyone can potentially find it and access it. Some employers may research potential employees by searching online for the details of their online behaviors, possibly affecting the outcome of the success of the candidate.[13]

Risks to Internet privacy

[edit]

Since personalised advertisements are more efficient, and thus more profitable, than non-personalised ones, online advertising providers often collect (or facilitate the collection of) user data such as browsing and search history, shopping patterns and social media behaviour. This data can then be automatically processed to display ads more likely to be successful with the particular user they are being displayed to, as well as to personalise content displayed to the user on social media sites. In 1998, the Federal Trade Commission considered the lack of privacy for children on the Internet and created the Children's Online Privacy Protection Act (COPPA), limiting options obtaining personal information of children and stipulating requirement for privacy policies.

Apart from corporate data collection, on-line privacy threats also include criminal and fraudulent activity. This category includes shortened links on many social media platforms leading to potentially harmful websites, scam e-mails and e-mail attachments that persuade users to install malware or disclose personal information. On online piracy sites, threats include malicious software being presented as legitimate content. When using a smartphone, geolocation data may be compromised.[14]

In late 2007, Facebook launched the Beacon program in which user commercial activity was released to the public for friends to see. Beacon created considerable controversy soon after it was launched due to privacy concerns, and the Lane v. Facebook, Inc. case ensued.[15]

Internet protocol (IP) addresses

[edit]

The architecture of the Internet Protocol necessitates that a website receives IP addresses of its visitors, which can be tracked through time. Companies match data over time to associate the name, address, and other information to the IP address.[16] There are opposing views in different jurisdiction on whether an IP address is personal information. The Court of Justice of the European Union has ruled they need to be treated as personally identifiable information if the website tracking them, or a third party like a service provider knows the name or street address of the IP address holder, which would be true for static IP addresses, not for dynamic addresses.[17]

California regulations say IP addresses need to be treated as personal information if the business itself, not a third party, can link them to a name and street address.[17][18]

An Alberta court ruled that police can obtain the IP addresses and the names and addresses associated with them without a search warrant; the Calgary, Alberta police found IP addresses that initiated online crimes. The service provider gave police the names and addresses associated with those IP addresses.[19]

HTTP cookies

[edit]

An HTTP cookie is data stored on a user's computer that assists in automated access to websites or web features, or other state information required in complex websites. It may also be used for user-tracking by storing special usage history data in a cookie, and such cookies — for example, those used by Google Analytics — are called tracking cookies. Cookies are a common concern in the field of Internet privacy. Although website developers most commonly use cookies for legitimate technical purposes, cases of abuse occur. In 2009, two researchers noted that social networking profiles could be connected to cookies, allowing the social networking profile to be connected to browsing habits.[20]

In the past, websites have not generally made the user explicitly aware of the storing of cookies, however, tracking cookies and especially third-party tracking cookies are commonly used as ways to compile long-term records of individuals' browsing histories — a privacy concern that prompted European and US lawmakers to take action in 2011.[21][22] Cookies can also have implications for computer forensics. In past years, most computer users were not completely aware of cookies, but users have become conscious of the possible detrimental effects of Internet cookies: a recent study has shown that 58% of users have deleted cookies from their computer at least once, and that 39% of users delete cookies from their computer every month. Since cookies are advertisers' main way of targeting potential customers, and some customers are deleting cookies, some advertisers started to use persistent Flash cookies and zombie cookies, but modern browsers and anti-malware software can now block or detect and remove such cookies.

The original developers of cookies intended that only the website that originally distributed cookies to users could retrieve them, therefore returning only data already possessed by the website. However, in practice, programmers can circumvent this restriction. Possible consequences include:

  • the placing of a personally identifiable tag in a browser to facilitate web profiling (see below), or
  • use of cross-site scripting or other techniques to steal information from a user's cookies.

Cookies do have benefits. One is that for websites that one frequently visits that require a password, cookies may allow a user to not have to sign in every time. A cookie can also track one's preferences to show them websites that might interest them. Cookies make more websites free to use without any type of payment. Some of these benefits are also seen as negative. For example, one of the most common ways of theft is hackers taking one's username and password that a cookie saves. While many sites are free, they sell their space to advertisers. These ads, which are personalized to one's likes, can sometimes freeze one's computer or cause annoyance. Cookies are mostly harmless except for third-party cookies. These cookies are not made by the website itself but by web banner advertising companies. These third-party cookies are dangerous because they take the same information that regular cookies do, such as browsing habits and frequently visited websites, but then they share this information with other companies.

Cookies are often associated with pop-up windows because these windows are often, but not always, tailored to a person's preferences. These windows are an irritation because the close button may be strategically hidden in an unlikely part of the screen. In the worst cases, these pop-up ads can take over the screen and while one tries to close them, they can take one to another unwanted website.

Cookies are seen so negatively because they are not understood and go unnoticed while someone is simply surfing the Internet. The idea that every move one makes while on the Internet is being watched, would frighten most users.

Some users choose to disable cookies in their web browsers.[23] Such an action can reduce some privacy risks but may severely limit or prevent the functionality of many websites. All significant web browsers have this disabling ability built-in, with no external program required. As an alternative, users may frequently delete any stored cookies. Some browsers (such as Mozilla Firefox and Opera) offer the option to clear cookies automatically whenever the user closes the browser. A third option involves allowing cookies in general but preventing their abuse. There is also a host of wrapper applications that will redirect cookies and cache data to some other location. Concerns exist that the privacy benefits of deleting cookies have been over-stated.[24]

The process of profiling (also known as "tracking") assembles and analyzes several events, each attributable to a single originating entity, in order to gain information (especially patterns of activity) relating to the originating entity. Some organizations engage in the profiling of people's web browsing, collecting the URLs of sites visited. The resulting profiles can potentially link with information that personally identifies the individual who did the browsing.

Some web-oriented marketing-research organizations may use this practice legitimately, for example: in order to construct profiles of "typical Internet users". Such profiles, which describe average trends of large groups of Internet users rather than of actual individuals, can then prove useful for market analysis. Although the aggregate data does not constitute a privacy violation, some people believe that the initial profiling does.

Profiling becomes a more contentious privacy issue when data-matching associates the profile of an individual with personally-identifiable information of the individual. This is why Google, the dominant ad platform, that uses cookies to allow marketers to track people has announced plans to "kill the cookie."[25]

Governments and organizations may set up honeypot websites – featuring controversial topics – to attract and track unwary people. This constitutes a potential danger for individuals.

Flash cookies

[edit]

When some users choose to disable HTTP cookies to reduce privacy risks as noted, new types of client-side storage were invented: since cookies are advertisers' main way of targeting potential customers, and some customers were deleting cookies, some advertisers started to use persistent Flash cookies and zombie cookies. In a 2009 study, Flash cookies were found to be a popular mechanism for storing data on the top 100 most visited sites.[26] Another 2011 study of social media found that, "Of the top 100 web sites, 31 had at least one overlap between HTTP and Flash cookies."[27] However, modern browsers and anti-malware software can now block or detect and remove such cookies.

Flash cookies, also known as local shared objects, work the same way as normal cookies and are used by the Adobe Flash Player to store information on the user's computer. They exhibit a similar privacy risk as normal cookies, but are not as easily blocked, meaning that the option in most browsers to not accept cookies does not affect Flash cookies. One way to view and control them is with browser extensions or add-ons. Flash cookies are unlike HTTP cookies in the sense that they are not transferred from the client back to the server. Web browsers read and write these cookies and can track any data by web usage.[28]

Although browsers such as Internet Explorer 8 and Firefox 3 have added a "Privacy Browsing" setting, they still allow Flash cookies to track the user and operate fully. However, the Flash player browser plugin can be disabled[29] or uninstalled,[30] and Flash cookies can be disabled on a per-site or global basis. Adobe's Flash and (PDF) Reader are not the only browser plugins whose past security defects[31] have allowed spyware or malware to be installed: there have also been problems with Oracle's Java.[32]

Evercookies

[edit]

Evercookie, created by Samy Kamkar,[33][34] is a JavaScript-based application which produces cookies in a web browser that actively "resist" deletion by redundantly copying themselves in different forms on the user's machine (e.g., Flash Local Shared Objects, various HTML5 storage mechanisms, window.name caching, etc.), and resurrecting copies that are missing or expired. Evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. It has the ability to store cookies in over ten types of storage mechanisms so that once they are on one's computer they will never be gone. Additionally, if Evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.[35] Evercookies are a type of zombie cookie. However, modern browsers and anti-malware software can now block or detect and remove such cookies.

Anti-fraud uses

[edit]

Some anti-fraud companies have realized the potential of Evercookies to protect against and catch cyber criminals. These companies already hide small files in several places on the perpetrator's computer but hackers can usually easily get rid of these. The advantage to Evercookies is that they resist deletion and can rebuild themselves.[36]

Advertising uses

[edit]

There is controversy over where the line should be drawn on the use of this technology. Cookies store unique identifiers on a person's computer that are used to predict what one wants. Many advertisement companies want to use this technology to track what their customers are looking at online. This is known as online behavioural advertising which allows advertisers to keep track of the consumer's website visits to personalize and target advertisements.[37] Ever-cookies enable advertisers to continue to track a customer regardless of whether their cookies are deleted or not. Some companies are already using this technology but the ethics are still being widely debated.

Criticism

[edit]

Anonymizer "nevercookies" are part of a free Firefox plugin that protects against Evercookies. This plugin extends Firefox's private browsing mode so that users will be completely protected from ever-cookies.[38] Never-cookies eliminate the entire manual deletion process while keeping the cookies users want like browsing history and saved account information.

Other Web tracking risks

[edit]
  • Canvas fingerprinting allows websites to identify and track users using HTML5 canvas elements instead of using a browser cookie.[39]
  • Cross-device tracking are used by advertisers to help identify which channels are most successful in helping convert browsers into buyers.[40]
  • Click-through rate is used by advertisers to measure the number of clicks they receive on their ads per number of impressions.
  • Mouse tracking collects the user's mouse cursor positions on the computer.
  • Browser fingerprinting relies on your browser and is a way of identifying users every time they go online and track your activity. Through fingerprinting, websites can determine the user's operating system, language, time zone, and browser version without your permission.[41]
  • Supercookies or "evercookies" can not only be used to track users across the web, but they are also hard to detect and difficult to remove since they are stored in a different place than the standard cookies.[42]
  • Session replay scripts allows the ability to replay a visitor's journey on a web site or within a mobile application or web application.[43][44]
  • "Redirect tracking" is the use of redirect pages to track users across websites.[45]
  • Web beacons are commonly used to report that an individual who received an email has read it.
  • Favicons can be used to track users since they persist across browsing sessions.[46]
  • Federated Learning of Cohorts (FLoC), trialed in Google Chrome in 2021, which intends to replace existing behavioral tracking which relies on tracking individual user actions and aggregating them on the server side with web browser declaring their membership in a behavioral cohort.[47] EFF has criticized FLoC as retaining the fundamental paradigm of surveillance economy, where "each user's behavior follows them from site to site as a label, inscrutable at a glance but rich with meaning to those in the know".[48]
  • "UID smuggling"[clarification needed] was found to be prevalent and largely not mitigated by latest protection tools – such as Firefox's tracking protection and uBlock Origin – by a 2022 study, which also contributed to countermeasures.[49][50]

Device fingerprinting

[edit]

A device fingerprint is information collected about the software and hardware of a remote computing device to identify individual devices even when persistent cookies (and also zombie cookies) cannot be read or stored in the browser, the client IP address is hidden, and even if one switches to another browser on the same device. This may allow a service provider to detect and prevent identity theft and credit card fraud, but also to compile long-term records of individuals' browsing histories even when they're attempting to avoid tracking, raising a major concern for Internet privacy advocates.

Third-Party Requests

[edit]

Third-Party Requests are HTTP data connections from client devices to addresses on the web which are different from the website the user is currently surfing. Many alternative tracking technologies to cookies are based on third-party requests. Their importance has increased during the last few years and even accelerated after Mozilla (2019), Apple (2020), and Google (2022) have announced to block third-party cookies by default.[51] Third requests may be used for embedding external content (e.g. advertisements) or for loading external resources and functions (e.g. images, icons, fonts, captchas, JQuery resources and many others). Depending on the type of resource loaded, such requests may enable third parties to execute a device fingerprint or place any other kind of marketing tag. Irrespective of the intention, such requests do often disclose information that may be sensitive, and they can be used for tracking either directly or in combination with other personally identifiable information . Most of the requests disclose referrer details that reveal the full URL of the actually visited website. In addition to the referrer URL, further information may be transmitted by the use of other request methods such as HTTP POST. Since 2018 Mozilla partially mitigates the risk of third-party requests by cutting the referrer information when using the private browsing mode.[52] However, personal information may still be revealed to the requested address in other areas of the HTTP-header.

Photographs on the Internet

[edit]
'No photos' tag at Wikimania

Today, many people have digital cameras and post their photographs online. For example, street photography practitioners do so for artistic purposes and social documentary photography practitioners do so to document people in everyday life. The people depicted in these photos might not want them to appear on the Internet. Police arrest photos, considered public record in many jurisdictions, are often posted on the Internet by online mug shot publishing sites.

Some organizations attempt to respond to this privacy-related concern. For example, the 2005 Wikimania conference required that photographers have the prior permission of the people in their pictures, albeit this made it impossible for photographers to practice candid photography, and doing the same in a public place would violate the photographers' free speech rights. Some people wore a "no photos" tag to indicate they would prefer not to have their photo taken (see photo).[53]

The Harvard Law Review published a short piece called "In The Face of Danger: Facial Recognition and Privacy Law", much of it explaining how "privacy law, in its current form, is of no help to those unwillingly tagged."[54] Any individual can be unwillingly tagged in a photo and displayed in a manner that might violate them personally in some way, and by the time Facebook gets to taking down the photo, many people will have already had the chance to view, share, or distribute it. Furthermore, traditional tort law does not protect people who are captured by a photograph in public because this is not counted as an invasion of privacy. The extensive Facebook privacy policy covers these concerns and much more. For example, the policy states that they reserve the right to disclose member information or share photos with companies, lawyers, courts, government entities, etc. if they feel it is absolutely necessary. The policy also informs users that profile pictures are mainly to help friends connect to each other.[55] However, these, as well as other pictures, can allow other people to invade a person's privacy by finding out information that can be used to track and locate a certain individual. In an article featured in ABC News, it was stated that two teams of scientists found out that Hollywood stars could be giving up information about their private whereabouts very easily through pictures uploaded to the Internet. Moreover, it was found that pictures taken by some phones and tablets, including iPhones, automatically attach the latitude and longitude of the picture taken through metadata unless this function is manually disabled.[56]

Face recognition technology can be used to gain access to a person's private data, according to a new study. Researchers at Carnegie Mellon University combined image scanning, cloud computing and public profiles from social networking sites to identify individuals in the offline world. Data captured even included a user's social security number.[57] Experts have warned of the privacy risks faced by the increased merging of online and offline identities. The researchers have also developed an 'augmented reality' mobile app that can display personal data over a person's image captured on a smartphone screen.[58] Since these technologies are widely available, users' future identities may become exposed to anyone with a smartphone and an Internet connection. Researchers believe this could force a reconsideration of future attitudes to privacy.

Google Street View

[edit]

Google Street View, released in the U.S. in 2007, is currently the subject of an ongoing debate about possible infringement on individual privacy.[59][60] Researchers have argued that Google Street View "facilitate[s] identification and disclosure with more immediacy and less abstraction."[61] The medium through which Street View disseminates information, the photograph, is very immediate in the sense that it can potentially provide direct information and evidence about a person's whereabouts, activities, and private property. Moreover, the technology's disclosure of information about a person is less abstract in the sense that, if photographed, a person is represented on Street View in a virtual replication of his or her own real-life appearance. In other words, the technology removes abstractions of a person's appearance or that of his or her personal belongings – there is an immediate disclosure of the person and object, as they visually exist in real life. Although Street View began to blur license plates and people's faces in 2008,[59] the technology is faulty and does not entirely ensure against accidental disclosure of identity and private property.[60]

The researchers note that "many of the concerns leveled at Street View stem from situations where its photograph-like images were treated as definitive evidence of an individual's involvement in particular activities."[61] In one instance, a Swiss politician, barely avoided public scandal when he was photographed in 2009 on Google Street View walking with a woman who was not his wife – the woman was actually his secretary.[59] Similar situations occur when Street View provides high-resolution photographs – and photographs hypothetically offer compelling objective evidence.[61] But as the case of the Swiss politician illustrates, even supposedly compelling photographic evidence is sometimes subject to gross misinterpretation. This example further suggests that Google Street View may provide opportunities for privacy infringement and harassment through public dissemination of the photographs. Google Street View does, however, blur or remove photographs of individuals and private property from image frames if the individuals request further blurring and/or removal of the images. This request can be submitted for review through the "report a problem" button that is located on the bottom left-hand side of every image window on Google Street View; however, Google has made attempts to report a problem difficult by disabling the "Why are you reporting the street view" icon.

Search engines

[edit]

Search engines have the ability to track a user's searches. Personal information can be revealed through searches by the user's computer, account, or IP address being linked to the search terms used. Search engines have claimed a necessity to retain such information in order to provide better services, protect against security pressure, and protect against fraud.[62] A search engine takes all of its users and assigns each one a specific ID number. Search engines often keep records of users' Internet activity and sites visited. AOL's system is one example. AOL has a database of 21 million members, each with their own specific ID number. The way that AOL's search engine is set up, however, allows for AOL to keep records of all the websites visited by any given member. Even though the true identity of the user is not known, a full profile of a member can be made just by using the information stored by from search history. By keeping records of what people query through AOL Search, the company is able to learn a great deal about them without knowing their names.[63]

Search engines also are able to retain user information, such as location and time spent using the search engine, for up to ninety days. Most search engine operators use the data to get a sense of which needs must be met in certain areas of their field. People working in the legal field are also allowed to use information collected from these search engine websites. The Google search engine is given as an example of a search engine that retains the information entered for a period of three-fourths of a year before it becomes obsolete for public usage. Yahoo! follows in the footsteps of Google in the sense that it also deletes user information after a period of ninety days. Other search engines such as Ask! search engine have promoted a tool of "AskEraser" which essentially takes away personal information when requested.[64] Some changes made to Internet search engines included that of Google's search engine. Beginning in 2009, Google began to run a new system where the Google search became personalized. The item that is searched and the results that are shown remember previous information that pertains to the individual.[65] Google search engine not only seeks what is searched but also strives to allow the user to feel like the search engine recognizes their interests. This is achieved by using online advertising.[66] A system that Google uses to filter advertisements and search results that might interest the user is by having a ranking system that tests relevancy that includes observation of the behavior users exude while searching on Google. Another function of search engines is the predictability of location. Search engines are able to predict where one's location is currently by locating IP Addresses and geographical locations.[67]

Google had publicly stated on January 24, 2012, that its privacy policy would once again be altered. This new policy would change the following for its users: (1) the privacy policy would become shorter and easier to comprehend and (2) the information that users provide would be used in more ways than it is presently being used. The goal of Google is to make users' experiences better than they currently are.[68]

This new privacy policy came into effect on March 1, 2012. Peter Fleischer, the Global Privacy Counselor for Google, has explained that if a person is logged into his/her Google account, and only if he/she is logged in, information will be gathered from multiple Google services in which he/she has used in order to be more accommodating. Google's new privacy policy will combine all data used on Google's search engines (i.e., YouTube and Gmail) in order to work along the lines of a person's interests. A person, in effect, will be able to find what he/she wants at a more efficient rate because all searched information during times of login will help to narrow down new search results.[69]

Google's privacy policy explains what information they collect and why they collect it, how they use the information, and how to access and update information. Google will collect information to better service its users such as their language, which ads they find useful, or people that are important to them online. Google announces they will use this information to provide, maintain and protect Google and its users. The information Google uses will give users more relevant search results and advertisements. The new privacy policy explains that Google can use shared information on one service in other Google services from people who have a Google account and are logged in. Google will treat a user as a single user across all of their products. Google claims the new privacy policy will benefit its users by being simpler. Google will, for example, be able to correct the spelling of a user's friend's name in a Google search or notify a user they are late based on their calendar and current location. Even though Google updated its privacy policy, its core privacy guidelines did not change. For example, Google still does not sell personal information or share it externally.[70]

Users and public officials have raised many concerns regarding Google's new privacy policy. The main concern/issue involves the sharing of data from multiple sources. Because this policy gathers all information and data searched from multiple engines when logged into Google, and uses it to help assist users, privacy becomes an important element. Public officials and Google account users are worried about online safety because of all this information being gathered from multiple sources.[71]

Some users do not like the overlapping privacy policy, wishing to keep the service of Google separate. The update to Google's privacy policy has alarmed both public and private sectors. The European Union has asked Google to delay the onset of the new privacy policy in order to ensure that it does not violate E.U. law. This move is in accordance with objections to decreasing online privacy raised in other foreign nations where surveillance is more heavily scrutinized.[72] Canada and Germany have both held investigations into the legality of both Facebook, against respective privacy acts, in 2010. The new privacy policy only heightens unresolved concerns regarding user privacy.[73][74]

An additional feature of concern to the new Google privacy policy is the nature of the policy. One must accept the policy or delete existing Google accounts.[75] Customizing the privacy settings of a social network is a key tactic that many feel is necessary for social networking sites. Additionally, some fear the sharing of data amongst Google services could lead to revelations of identities. Many using pseudonyms are concerned about this possibility, and defend the role of pseudonyms in literature and history.[76]

Some solutions to being able to protect user privacy on the Internet can include programs such as "Rapleaf" which is a website that has a search engine that allows users to make all of one's search information and personal information private. Other websites that also give this option to their users are Facebook and Amazon.[77]

Privacy-focused search engines/browsers

[edit]

Search engines such as Startpage.com, Disconnect.me and Scroogle (defunct since 2012) anonymize Google searches. The following are some of the more notable privacy-focused search engines:

Brave
A free software that reports to be a privacy-first website browsing service, blocking online trackers and ads, and not tracking users' browsing data.
DuckDuckGo
A meta-search engine that combines the search results from various search engines (excluding Google) and provides some unique services like using search boxes on various websites and providing instant answers out of the box.
Qwant
An EU-based web-search engine that is focusing on privacy. It has its own index and has servers hosted in the European Union.
Searx
A free and open-source privacy-oriented meta-search engine which is based on a number of decentralized instances. There are a number of existing public instances, but any user can create their own if they desire.
Fireball
Germany's first search engine that obtains web results from various sources (mainly Bing). Fireball is not collecting any user information. All servers are stationed in Germany, a plus considering the German legislation tends to respect privacy rights better than many other European countries.
MetaGer
A meta-search engine (obtains results from various sources) and in Germany by far the most popular safe search engine. MetaGer uses similar safety features as Fireball.
Ixquick
A Dutch-based meta-search engine (obtains results from various sources). It commits also to the protection of the privacy of its users. Ixquick uses similar safety features as Fireball.
Yacy
A decentralized search engine developed on the basis of a community project, which started in 2005. The search engine follows a slightly different approach to the two previous ones, using a peer-to-peer principle that does not require any stationary and centralized servers. This has its disadvantages but also the simple advantage of greater privacy when surfing due to basically no possibility of hacking.
Search Encrypt
An Internet search engine that prioritizes maintaining user privacy and avoiding the filter bubble of personalized search results. It differentiates itself from other search engines by using local encryption on searches and delayed history expiration.
Tor Browser
A free software that provides access to an anonymized network that enables anonymous communication. It directs the Internet traffic through multiple relays. This encryption method prevents others from tracking a certain user, thus allowing the user's IP address and other personal information to be concealed.[78]

Privacy issues of social networking sites

[edit]

The advent of the Web 2.0 has caused social profiling and is a growing concern for Internet privacy. Web 2.0 is the system that facilitates participatory information sharing and collaboration on the Internet, in social networking media websites like Facebook, Instagram, X (formerly Twitter), and MySpace. These social networking sites have seen a boom in their popularity starting from the late 2000s. Through these websites, many people are giving their personal information out on the Internet.

Accountability for the collection and distribution of personal information has been a subject of ongoing discussion. Social networks have been held responsible for storing the information and data, while users who provide their information on these sites are also seen as liable by some. This relates to the ever-present issue of how society regards social media sites. An increasing number of individuals are becoming aware of the potential risks associated with sharing personal information online and placing trust in websites to maintain privacy. In a 2012 study, researchers found that young people are taking measures to keep their posted information on Facebook private to some degree. Examples of such actions include managing their privacy settings so that certain content can be visible to "Only Friends" and ignoring Facebook friend requests from strangers.[79]

In 2013 a class action lawsuit was filed against Facebook alleging the company scanned user messages for web links, translating them to “likes” on the user's Facebook profile. Data lifted from the private messages was then used for targeted advertising, the plaintiffs claimed. "Facebook's practice of scanning the content of these messages violates the federal Electronic Communications Privacy Act (ECPA also referred to as the Wiretap Act), as well as California's Invasion of Privacy Act (CIPA), and section 17200 of California's Business and Professions Code," the plaintiffs said.[80] This shows that once information is online it is no longer completely private. It is an increasing risk because younger people have easier Internet access than ever before, therefore they put themselves in a position where it is all too easy for them to upload information, but they may not have the caution to consider how difficult it can be to take that information down once it has been out in the open. This is becoming a bigger issue now that so much of society interacts online which was not the case fifteen years ago. In addition, because of the quickly evolving digital media arena, people's interpretation of privacy is evolving as well, and it is important to consider that when interacting online. New forms of social networking and digital media such as Instagram and Snapchat may call for new guidelines regarding privacy. What makes this difficult is the wide range of opinions surrounding the topic, so it is left mainly up to individual judgment to respect other people's online privacy in some circumstances.

Privacy issues of medical applications

[edit]

With the rise of technology-focused applications, there has been a rise of medical apps available to users on smart devices. In a survey of 29 migraine-management-specific applications, researcher Mia T. Minen (et al.) discovered 76% had clear privacy policies, with 55% of the apps stated using the user data from these giving data to third parties for the use of advertising.[81] The concerns raised discusses the applications without accessible privacy policies, and even more so - applications that are not properly adhering to the Health Insurance Portability and Accountability Act (HIPAA) are in need of proper regulation, as these apps store medical data with identifiable information on a user.

Internet service providers

[edit]

Internet users obtain Internet access through an Internet service provider (ISP). All data transmitted to and from users must pass through the ISP. Thus, an ISP has the potential to observe users' activities on the Internet. ISPs can breach personal information such as transaction history, search history, and social media profiles of users. Hackers could use this opportunity to hack ISPs and obtain sensitive information of victims. However, ISPs are usually prohibited from participating in such activities due to legal, ethical, business, or technical reasons.

Normally ISPs do collect at least some information about the consumers using their services. From a privacy standpoint, ISPs would ideally collect only as much information as they require in order to provide Internet connectivity (IP address, billing information if applicable, etc.).

Which information an ISP collects, what it does with that information, and whether it informs its consumers, pose significant privacy issues. Beyond the usage of collected information typical of third parties, ISPs sometimes state that they will make their information available to government authorities upon request. In the US and other countries, such a request does not necessarily require a warrant.

An ISP cannot know the contents of properly encrypted data passing between its consumers and the Internet. For encrypting web traffic, https has become the most popular and best-supported standard. Even if users encrypt the data, the ISP still knows the IP addresses of the sender and the recipient. (However, see the IP addresses section for workarounds.)

An anonymizer such as I2P – The Anonymous Network or Tor can be used for accessing web services without them knowing one's IP address and without one's ISP knowing what the services are that one accesses. Additional software has been developed that may provide more secure and anonymous alternatives to other applications. For example, Bitmessage can be used as an alternative for email and Cryptocat as an alternative for online chat. On the other hand, in addition to End-to-End encryption software, there are web services such as Qlink[82] which provide privacy through a novel security protocol which does not require installing any software.

While signing up for Internet services, each computer contains a unique IP and Internet Protocol address. This particular address will not give away private or personal information, however, a weak link could potentially reveal information from one's ISP.[83]

General concerns regarding Internet user privacy have become enough of a concern for a UN agency to issue a report on the dangers of identity fraud.[84] In 2007, the Council of Europe held its first annual Data Protection Day on January 28, which has since evolved into the annual Data Privacy Day.[85]

T-Mobile USA does not store any information on web browsing. Verizon Wireless keeps a record of the websites a subscriber visits for up to a year. Virgin Mobile keeps text messages for three months. Verizon keeps text messages for three to five days. None of the other carriers keep specific messages at all, but they keep a record of who texted who for over a year. AT&T Mobility keeps for five to seven years a record of who texts who and the date and time, but not the content of the messages. Virgin Mobile keeps that data for two to three months.[86][needs update]

HTML5

[edit]

HTML5 is the latest version of Hypertext Markup Language specification. HTML defines how user agents, such as web browsers, are to present websites based on their underlying code. This new web standard changes the way that users are affected by the Internet and their privacy on the Internet. HTML5 expands the number of methods given to a website to store information locally on a client as well as the amount of data that can be stored. As such, privacy risks are increased. For instance, merely erasing cookies may not be enough to remove potential tracking methods since data could be mirrored in web storage, another means of keeping information in a user's web browser.[87] There are so many sources of data storage that it is challenging for web browsers to present sensible privacy settings. As the power of web standards increases, so do potential misuses.[88]

HTML5 also expands access to user media, potentially granting access to a computer's microphone or webcam, a capability previously only possible through the use of plug-ins like Flash.[89] It is also possible to find a user's geographical location using the geolocation API. With this expanded access comes increased potential for abuse as well as more vectors for attackers.[90] If a malicious site was able to gain access to a user's media, it could potentially use recordings to uncover sensitive information thought to be unexposed. However, the World Wide Web Consortium, responsible for many web standards, feels that the increased capabilities of the web platform outweigh potential privacy concerns.[91] They state that by documenting new capabilities in an open standardization process, rather than through closed source plug-ins made by companies, it is easier to spot flaws in specifications and cultivate expert advice.

Besides elevating privacy concerns, HTML5 also adds a few tools to enhance user privacy. A mechanism is defined whereby user agents can share blacklists of domains that should not be allowed to access web storage.[87] Content Security Policy is a proposed standard whereby sites may assign privileges to different domains, enforcing harsh limitations on JavaScript use to mitigate cross-site scripting attacks. HTML5 also adds HTML templating and a standard HTML parser which replaces the various parsers of web browser vendors. These new features formalize previously inconsistent implementations, reducing the number of vulnerabilities though not eliminating them entirely.[92][93]

Uploaded file metadata

[edit]

Embedded metadata in files uploaded to the internet can divulge privacy compromising data. For example, most digital cameras and smartphones automatically embed image metadata, such as Exif, which includes the geographical location where the photo has been taken. If the photo has been taken at the photographer's house, his address and identity could be revealed.

This problem can be mitigated by removing metadata from files before uploading them to the internet using a metadata removal tool.

Big data

[edit]

Big data is generally defined as the rapid accumulation and compiling of massive amounts of information that is being exchanged over digital communication systems. The volume of data is large (often exceeding exabytes), cannot be handled by conventional computer processors, and is instead stored on large server-system databases. This information is assessed by analytic scientists using software programs, which paraphrase this information into multi-layered user trends and demographics. This information is collected from all around the Internet, such as by popular services like Facebook, Google, Apple, Spotify or GPS systems.

Big data provides companies with the ability to:

  • Infer detailed psycho-demographic profiles of Internet users, even if they were not directly expressed or indicated by users.[94]
  • Inspect product availability and optimize prices for maximum profit while clearing inventory.
  • Swiftly reconfigure risk portfolios in minutes and understand future opportunities to mitigate risk.
  • Mine customer data for insight and create advertising strategies for customer acquisition and retention.
  • Identify customers who matter the most.
  • Create retail coupons based on a proportional scale to how much the customer has spent, to ensure a higher redemption rate.
  • Send tailored recommendations to mobile devices at just the right time, while customers are in the right location to take advantage of offers.
  • Analyze data from social media to detect new market trends and changes in demand.
  • Use clickstream analysis and data mining to detect fraudulent behavior.
  • Determine root causes of failures, issues and defects by investigating user sessions, network logs and machine sensors.[95]

Other potential Internet privacy risks

[edit]
  • Cross-device tracking identifies users' activity across multiple devices.[96]
  • Massive personal data extraction through mobile device apps that receive carte-blanche-permissions for data access upon installation.[97]
  • Malware is a term short for "malicious software" and is used to describe software that is used to cause damage to a single computer, server, or computer network whether that is through the use of a virus, trojan horse, spyware, etc.[98]
  • Spyware is a piece of software that obtains information from a user's computer without that user's consent.[98]
  • A web bug is an object embedded into a web page or email and is usually invisible to the user of the website or reader of the email. It allows checking to see if a person has looked at a particular website or read a specific email message.
  • Phishing is a criminally fraudulent process of trying to obtain sensitive information such as usernames, passwords, or credit card and bank information. Phishing is an Internet crime in which someone masquerades as a trustworthy entity in some form of electronic communication.
  • Pharming is a hacker's attempt to redirect traffic from a legitimate website to a completely different Internet address. Pharming can be conducted by changing the hosts file on a victim's computer or by exploiting a vulnerability on the DNS server.
  • Social engineering is where people are manipulated or tricked into performing actions or divulging confidential information.[99]
  • Malicious proxy server (or other "anonymity" services).
  • Use of weak passwords that are short, consist of all numbers, all lowercase or all uppercase letters, or that can be easily guessed such as single words, common phrases, a person's name, a pet's name, the name of a place, an address, a phone number, a social security number, or a birth date.[100]
  • Use of recycled passwords or the same password across multiple platforms which have become exposed from a data breach.
  • Using the same login name and/or password for multiple accounts where one compromised account leads to other accounts being compromised.[101]
  • Allowing unused or little-used accounts, where unauthorized use is likely to go unnoticed, to remain active.[102]
  • Using out-of-date software that may contain vulnerabilities that have been fixed in newer, more up-to-date versions.[101]
  • WebRTC is a protocol which suffers from a serious security flaw that compromises the privacy of VPN tunnels, by allowing the true IP address of the user to be read. It is enabled by default in major browsers such as Firefox and Google Chrome.[103]

Reduction of risks to Internet privacy

[edit]

Journalists have reported that the Internet's biggest corporations have hoarded Internet users' personal data to use it and sell it for large financial profits at the users' expense.[104] Academics have called this practice informational exploitation.[105]

Private mobile messaging

[edit]

The magazine reports on a band of startup companies that are demanding privacy and aiming to overhaul the social media business. Popular privacy-focused mobile messaging apps include Wickr, Wire, and Signal, which provide peer-to-peer encryption and give the user the capacity to control what message information is retained on the other end.[106]

Web tracking prevention

[edit]

The most advanced protection tools are or include Firefox's tracking protection and the browser add-ons uBlock Origin and Privacy Badger.[50][107][108]

Moreover, they may include the browser add-on NoScript, the use of an alternative search engine like DuckDuckGo and the use of a VPN. However, VPNs cost money and as of 2023 NoScript may "make general web browsing a pain".[108]

On mobile

On mobile, the most advanced method may be the use of the mobile browser Firefox Focus, which mitigates web tracking on mobile to a large extent, including Total Cookie Protection and similar to the private mode in the conventional Firefox browser.[109][110][111]

Opt-out requests

Users can also control third-party web tracking to some extent by other means. Opt-out cookies let users block websites from installing future cookies. Websites may be blocked from installing third-party advertisers or cookies on a browser, which will prevent tracking on the user's page.[112] Do Not Track is a web browser setting that can request a web application to disable the tracking of a user. Enabling this feature will send a request to the website users are on to voluntarily disable their cross-site user tracking.

Privacy mode

Contrary to popular belief, browser privacy mode does not prevent (all) tracking attempts because it usually only blocks the storage of information on the visitor site (cookies). It does not help, however, against the various fingerprinting methods. Such fingerprints can be de-anonymized.[113] Many times, the functionality of the website fails. For example, one may not be able to log in to the site, or preferences are lost.[citation needed]

Browsers

Some web browsers use "tracking protection" or "tracking prevention" features to block web trackers.[114] The teams behind the NoScript and uBlock add-ons have assisted with developing Firefox's SmartBlock capabilities.[115]

Search Engines

To safeguard user data from tracking by search engines, various privacy focused search engines have been developed as viable alternatives. Examples of such search engines include DuckDuckGo, MetaGer, and Swiscows, which prioritize preventing the storage and tracking of user activity. It's worth noting that while these alternatives offer enhanced privacy, some may not guarantee complete anonymity, and a few might be less user-friendly compared to mainstream search engines such as Google and Microsoft Bing.[116]

Protection through information overflow

[edit]

According to Nicklas Lundblad, another perspective on privacy protection is the assumption that the quickly growing amount of information produced will be beneficial. The reasons for this are that the costs for the surveillance will rise and that there is more noise, noise being understood as anything that interferes with the process of a receiver trying to extract private data from a sender.

In this noise society, the collective expectation of privacy will increase, but the individual expectation of privacy will decrease. In other words, not everyone can be analyzed in detail, but one individual can be. Also, in order to stay unobserved, it can hence be better to blend in with the others than trying to use for example encryption technologies and similar methods. Technologies for this can be called Jante-technologies after the Law of Jante, which states that you are nobody special. This view offers new challenges and perspectives for the privacy discussion.[117]

Public views

[edit]

While Internet privacy is widely acknowledged as the top consideration in any online interaction,[118] as evinced by the public outcry over SOPA/CISPA, public understanding of online privacy policies is actually being negatively affected by the current trends regarding online privacy statements.[119] Users have a tendency to skim Internet privacy policies for information regarding the distribution of personal information only, and the more legalistic the policies appear, the less likely users are to even read the information.[120] Coupling this with the increasingly exhaustive license agreements companies require consumers agree with before using their product, consumers are reading less about their rights.

Furthermore, if the user has already done business with a company, or is previously familiar with a product, they tend to not read the privacy policies that the company has posted.[120] As Internet companies become more established, their policies may change, but their clients will be less likely to inform themselves of the change.[118] This tendency is interesting because as consumers become more acquainted with the Internet they are also more likely to be interested in online privacy. Finally, consumers have been found to avoid reading the privacy policies if the policies are not in a simple format, and even perceive these policies to be irrelevant.[120] The less readily available terms and conditions are, the less likely the public is to inform themselves of their rights regarding the service they are using.

Concerns of Internet privacy and real-life implications

[edit]

While dealing with the issue of Internet privacy, one must first be concerned with not only the technological implications such as damaged property, corrupted files, and the like, but also with the potential for implications on their real lives. One such implication, which is rather commonly viewed as being one of the most daunting fears and risks of the Internet, is the potential for identity theft. Although it is a typical belief that larger companies and enterprises are the usual focus of identity thefts, rather than individuals, recent reports seem to show a trend opposing this belief. Specifically, it was found in a 2007 "Internet Security Threat Report" that roughly ninety-three percent of "gateway" attacks were targeted at unprepared home users. The term "gateway attack" was used to refer to an attack which aimed not at stealing data immediately, but rather at gaining access for future attacks.[121]

According to Symantec's "Internet Security Threat Report", this continues despite the increasing emphasis on Internet security due to the expanding "underground economy". With more than fifty percent of the supporting servers located in the United States, this underground economy has become a haven for Internet thieves, who use the system in order to sell stolen information. These pieces of information can range from generic things such as a user account or email to something as personal as a bank account number and PIN.[121]

While the processes these Internet thieves use are abundant and unique, one popular trap people fall into is that of online purchasing. In a 2001 article titled "Consumer Watch", the popular online site PC World went called secure e-shopping a myth. Though unlike the gateway attacks mentioned above, these incidents of information being stolen through online purchases generally are more prevalent in medium to large e-commerce sites, rather than smaller individualized sites. This is assumed to be a result of the larger consumer population and purchases, which allow for more potential leeway with information.[122]

Ultimately, however, the potential for a violation of one's privacy is typically out of their hands after purchasing from an online retailer or store. One of the most common forms in which hackers receive private information from online retailers actually comes from an attack placed upon the site's servers responsible for maintaining information about previous transactions. As experts explain, these retailers are not doing nearly enough to maintain or improve their security measures. Even those sites that clearly present a privacy or security policy can be subject to hackers' havoc as most policies only rely upon encryption technology which only applies to the actual transfer of a customer's data. However, with this being said, most retailers have been making improvements, going as far as covering some of the credit card fees if the information's abuse can be traced back to the site's servers.[122]

As one of the largest growing concerns American adults have of current Internet privacy policies, identity and credit theft remain a constant figure in the debate surrounding privacy online. A 1997 study by the Boston Consulting Group showed that participants of the study were most concerned about their privacy on the Internet compared to any other media.[123] However, it is important to recall that these issues are not the only prevalent concerns society has. Another prevalent issue remains members of society sending disconcerting emails to one another. It is for this reason in 2001 that for one of the first times the public expressed approval of government intervention in their private lives.[124]

With the overall public anxiety regarding the constantly expanding trend of online crimes, in 2001 roughly fifty-four percent of Americans polled showed a general approval for the FBI monitoring those emails deemed suspicious. Thus, it was born the idea for the FBI program: "Carnivore", which was going to be used as a searching method, allowing the FBI to hopefully home in on potential criminals. Unlike the overall approval of the FBI's intervention, Carnivore was not met with as much of a majority's approval. Rather, the public seemed to be divided with forty-five percent siding in its favor, forty-five percent opposed to the idea for its ability to potentially interfere with ordinary citizen's messages, and ten percent claiming indifference. While this may seem slightly tangent to the topic of Internet privacy, it is important to consider that at the time of this poll, the general population's approval of government actions was declining, reaching thirty-one percent versus the forty-one percent it held a decade prior. This figure in collaboration with the majority's approval of FBI intervention demonstrates an emerging emphasis on the issue of Internet privacy in society and more importantly, the potential implications it may hold on citizens' lives.[124]

Online users must seek to protect the information they share with online websites, specifically social media. In today's Web 2.0 individuals have become the public producers of personal information.[125] Users create their own "digital trails" that hackers and companies alike capture and utilize for a variety of marketing and advertisement targeting. A recent paper from the Rand Corporation claims "privacy is not the opposite of sharing – rather, it is control over sharing."[125] Internet privacy concerns arise from the surrender of personal information to engage in a variety of acts, from transactions to commenting in online forums. Protection against invasions of online privacy will require individuals to make an effort to inform and protect themselves via existing software solutions, to pay premiums for such protections or require individuals to place greater pressure on governing institutions to enforce privacy laws and regulations regarding consumer and personal information.

Impact of Internet surveillance tools on marginalized communities

[edit]

Internet privacy issues also affect existing class distinctions in the United States, often disproportionately impacting historically marginalized groups typically classified by race and class. Individuals with access to private digital connections that have protective services are able to more easily prevent data privacy risks of personal information and surveillance issues. Members of historically marginalized communities face greater risks of surveillance through the process of data profiling, which increases the likelihood of being stereotyped, targeted, and exploited, thus exacerbating pre-existing inequities that foster uneven playing fields.[126] There are severe, and often unintentional, implications for big data which results in data profiling. For example, automated systems of employment verification run by the federal government such as E-verify tend to misidentify people with names that do not adhere to standardized Caucasian-sounding names as ineligible to work in the United States, thus widening unemployment gaps and preventing social mobility.[127] This case exemplifies how some programs have bias embedded within their codes.

Tools using algorithms and artificial intelligence have also been used to target marginalized communities with policing measures,[128] such as using facial recognition softwares and predictive policing technologies that use data to predict where a crime will most likely occur, and who will engage in the criminal activity. Studies have shown that these tools exacerbate the existing issue of over-policing in areas that are predominantly home to marginalized groups. These tools and other means of data collection can also prohibit historically marginalized and low-income groups from financial services regulated by the state, such as securing loans for house mortgages. Black applicants are rejected by mortgage and mortgage refinancing services at a much higher rate than white people, exacerbating existing racial divisions.[129] Members of minority groups have lower incomes and lower credit scores than white people, and often live in areas with lower home values. Another example of technologies being used for surveilling practices is seen in immigration. Border control systems often use artificial intelligence in facial recognition systems, fingerprint scans, ground sensors, aerial video surveillance machines, and decision-making in asylum determination processes.[128][130] This has led to large-scale data storage and physical tracking of refugees and migrants.

While broadband was implemented as a means to transform the relationship between historically marginalized communities and technology to ultimately narrow the digital inequalities, inadequate privacy protections compromise user rights, profile users, and spur skepticism towards technology among users. Some automated systems, like the United Kingdom government's Universal Credit system in 2013, have failed[128] to take into account that people, often minorities, may already lack Internet access or digital literacy skills and therefore be deemed ineligible for online identity verification requirements, such as forms for job applications or to receive social security benefits, for example. Marginalized communities using broadband services may also not be aware of how digital information flows and is shared with powerful media conglomerates, reflecting a broader sense of distrust and fear these communities have with the state. Marginalized communities may therefore end up feeling dissatisfied or targeted by broadband services, whether from nonprofit community service providers or state providers.

Laws and regulations

[edit]

Global privacy policies

[edit]

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. There are no globally unified laws and regulations.

European General Data protection regulation

[edit]

In 2009 the European Union had for the first time created awareness for tracking practices when the ePrivacy-Directive (2009/136/EC) was put in force.[131] In order to comply with this directive, websites had to actively inform the visitor about the use of cookies. This disclosure has been typically implemented by showing small information banners. Nine years later, by 25 May 2018 the European General Data Protection Regulation (GDPR) came into force,[132] which aims to regulate and restrict the usage of personal data in general, irrespective of how the information is being processed.[133] The regulation primarily applies to so-called “controllers”, which are (a) all organizations that process personal information within the European Union, and (b) all organizations which process personal information of EU-based persons outside the European Union. Article 4 (1) defines personal information as anything that may be used for identifying a “data subject” (e.g. natural person) either directly or in combination with other personal information. In theory, this even takes common Internet identifiers such as cookies or IP Addresses in the scope of this regulation. Processing such personal information is restricted unless a "lawful reason" according to Article 6 (1) applies. The most important lawful reason for data processing on the Internet is the explicit content given by the data subject. More strict requirements apply for sensitive personal information (Art 9), which may be used for revealing information about ethnic origin, political opinion, religion, trade union membership, biometrics, health or sexual orientation. However, explicit user content still is sufficient to process such sensitive personal information (Art 9 (2) lit a). “Explicit consent” requires an affirmative act (Art 4 (11)), which is given if the individual person is able to freely choose and does consequently actively opt-in.

As of June 2020, typical cookie implementations are not compliant with this regulation, and other practices such as device fingerprinting, cross-website-logins [134] or 3rd-party requests are typically not disclosed, even though many opinions consider such methods in the scope of the GDPR.[135] The reason for this controversy is the ePrivacy-Directive 2009/136/EC[131] which is still unchanged in force. An updated version of this directive, formulated as ePrivacy Regulation, shall enlarge the scope from cookies only to any type of tracking method. It shall furthermore cover any kind of electronic communication channels such as Skype or WhatsApp. The new ePrivacy-Regulation was planned to come into force alongside the GDPR, but as of July 2020, it was still under review. Some people assume that lobbying is the reason for this massive delay.[136]

Irrespective of the pending ePrivacy-Regulation, the European High Court decided in October 2019 (case C-673/17[137]) that the current law is not fulfilled if the disclosed information in the cookie disclaimer is imprecise, or if the consent checkbox is pre-checked. Consequently, many cookie disclaimers that were in use at that time were confirmed to be incompliant with the current data protection laws. However, even this high court judgment only refers to cookies and not to other tracking methods.

Internet privacy in China

[edit]

One of the most popular topics of discussion regarding Internet privacy is China. Although China is known for its remarkable reputation for maintaining Internet privacy among many online users,[138] it could potentially be a major jeopardy to the lives of many online users who have their information exchanged on the web regularly. For instance, in China, there is a new software that will enable the concept of surveillance among the majority of online users and present a risk to their privacy.[139] The main concern with privacy of Internet users in China is the lack thereof. China has a well-known policy of censorship when it comes to the spread of information through public media channels. Censorship has been prominent in Mainland China since the communist party gained power in China over 60 years ago. With the development of the Internet, however, privacy became more of a problem for the government. The Chinese Government has been accused of actively limiting and editing the information that flows into the country via various media. The Internet poses a particular set of issues for this type of censorship, especially when search engines are involved. Yahoo! for example, encountered a problem after entering China in the mid-2000s. A Chinese journalist, who was also a Yahoo! user, sent private emails using the Yahoo! server regarding the Chinese government. Yahoo! provided information to the Chinese government officials to track down journalist Shi Tao. Shi Tao allegedly posted state secrets to a New York-based website. Yahoo provided incriminating records of the journalist's account logins to the Chinese government and Shi Tao was sentenced to ten years in prison.[140] These types of occurrences have been reported numerous times and have been criticized by foreign entities such as the creators of the Tor network, which was designed to circumvent network surveillance in multiple countries.

There have been reports that personal information has been sold. For example, students preparing for exams would receive calls from unknown numbers selling school supplies.[141]

The 2021 Data Security Law classifies data into different categories and establishes corresponding levels of protection.[142]: 131  It imposes significant data localization requirements, in a response to the extraterritorial reach of the United States CLOUD Act or similar foreign laws.[142]: 250–251 

The 2021 Personal Information Protection Law is China's first comprehensive law on personal data rights and is modeled after the European Union's General Data Protection Regulation.[142]: 131 

Internet privacy in Sweden

[edit]

On 11 May 1973 Sweden enacted the Data Act − the world's first national data protection law.[143][144] In 2012, Sweden received a Web Index Score of 100, a score that measures how the Internet significantly influences political, social, and economic impact, placing them first among 61 other nations. Sweden received this score while exceeding new mandatory implementations from the European Union. Sweden placed more restrictive guidelines on the directive on intellectual property rights enforcement (IPRED) and passed the Forsvarets Radio Anstalt (FRA) law in 2009 under the National Defense Radio Establishment. The law allowed for the legal sanctioning of surveillance of Internet traffic by state authorities and allowed authorities to monitor all cross-border communication without a warrant

The FRA has a history of intercepting radio signals and has stood as the main intelligence agency in Sweden since 1942. Sweden has a mixture of the government's strong push towards implementing policy and citizens' continued perception of a free and neutral Internet. Both of the previously mentioned additions created controversy among critics but they did not change the public perception despite the new FRA law being litigated in front of the European Court of Human Rights for human rights violations.

Sweden's recent emergence into Internet dominance may be explained by its recent climb in users. Only 2% of all Swedes were connected to the Internet in 1995 but at last count in 2012, 89% had broadband access. This was due in large part once again to the active Swedish government introducing regulatory provisions to promote competition among Internet service providers. These regulations helped grow web infrastructure and forced prices below the European average.

Sweden was the birthplace of the Pirate Bay, an infamous file-sharing website. File sharing has been illegal in Sweden since it was developed, however, there was never any real fear of being persecuted for the crime until 2009 when the Swedish Parliament was the first in the European Union to pass the intellectual property rights directive. This directive persuaded Internet service providers to announce the identity of suspected violators.[citation needed]

Sweden also uses an infamous centralized block list. The list is generated by authorities and was originally crafted to eliminate sites hosting child pornography. However, there is no legal way to appeal a site that ends up on the list and as a result, many non-child pornography sites have been blacklisted. Sweden's government enjoys a high level of trust from its citizens. Without this trust, many of these regulations would not be possible and thus many of these regulations may only be feasible in the Swedish context.[145]

Internet privacy in the United States

[edit]

Andrew Grove, co-founder and former CEO of Intel Corporation, offered his thoughts on Internet privacy in an interview published in May 2000:[146]

Privacy is one of the biggest problems in this new electronic age. At the heart of the Internet culture is a force that wants to find out everything about you. And once it has found out everything about you and two hundred million others, that's a very valuable asset, and people will be tempted to trade and do commerce with that asset. This wasn't the information that people were thinking of when they called this the information age.

More than two decades later, Susan Ariel Aaronson, director of the Digital Trade and Data Governance Hub at George Washington University observed that, "The American public simply isn't demanding a privacy law... They want free more than they want privacy."[147]

US Republican senator Jeff Flake spearheaded an effort to pass legislation allowing ISPs and tech firms to sell private customer information, such as their browsing history, without consent.

With the Republicans in control of all three branches of the U.S. government, lobbyists for Internet service providers (ISPs) and tech firms persuaded lawmakers to dismantle regulations to protect privacy which had been made during the Obama administration. These FCC rules had required ISPs to get "explicit consent" before gathering and selling their private Internet information, such as the consumers' browsing histories, locations of businesses visited and applications used.[148] Trade groups wanted to be able to sell this information for profit.[148] Lobbyists persuaded Republican senator Jeff Flake and Republican representative Marsha Blackburn to sponsor legislation to dismantle Internet privacy rules; Flake received $22,700 in donations and Blackburn received $20,500 in donations from these trade groups.[148] On March 23, 2017, abolition of these privacy protections passed on a narrow party-line vote.[148] In June 2018, California passed the law restricting companies from sharing user data without permission. Also, users would be informed to whom the data is being sold and why. On refusal to sell the data, companies are allowed to charge a little higher to these consumers.[149][150][151]

[edit]

Used by government agencies are array of technologies designed to track and gather Internet users' information are the topic of much debate between privacy advocates, civil liberties advocates and those who believe such measures are necessary for law enforcement to keep pace with rapidly changing communications technology.

Specific examples:

  • Following a decision by the European Union's council of ministers in Brussels, in January 2009, the UK's Home Office adopted a plan to allow police to access the contents of individuals' computers without a warrant. The process, called "remote searching", allows one party, at a remote location, to examine another's hard drive and Internet traffic, including email, browsing history and websites visited. Police across the EU are now permitted to request that the British police conduct a remote search on their behalf. The search can be granted, and the material turned over and used as evidence, on the basis of a senior officer believing it necessary to prevent a serious crime. Opposition MPs and civil liberties advocates are concerned about this move toward widening surveillance and its possible impact on personal privacy. Shami Chakrabarti, director of the human rights group Liberty, said "The public will want this to be controlled by new legislation and judicial authorization. Without those safeguards it's a devastating blow to any notion of personal privacy."[152]
  • The FBI's Magic Lantern software program was the topic of much debate when it was publicized in November 2001. Magic Lantern is a Trojan Horse program that logs users' keystrokes, rendering encryption useless to those infected.[153]

Children and Internet privacy

[edit]

Internet privacy is a growing concern with children and the content they are able to view. Aside from that, many concerns for the privacy of email, the vulnerability of internet users to have their internet usage tracked, and the collection of personal information also exist. These concerns have begun to bring the issues of Internet privacy before the courts and judges.[154] In recent years, there is a growing concern for children's privacy and the commercial use of their data. In addition, the use of their personal data to persuade and influence their behavior has also come under scrutiny.[155]

See also

[edit]

References

[edit]
  1. ^ The Editorial Boards (March 29, 2017). "Republicans Attack Internet Privacy". New York Times. Archived from the original on March 8, 2020. Retrieved March 29, 2017.
  2. ^ Wheeler, Tom (March 29, 2017). "How the Republicans Sold Your Privacy to Internet Providers". New York Times. Archived from the original on August 11, 2020. Retrieved March 29, 2017.
  3. ^ E. E. David; R. M. Fano (1965). "Some Thoughts About the Social Implications of Accessible Computing. Proceedings 1965 Fall Joint Computer Conference". Archived from the original on 2000-08-16. Retrieved 2012-06-07.
  4. ^ Schuster, Stefan; van den Berg, Melle; Larrucea, Xabier; Slewe, Ton; Ide-Kostic, Peter (1 February 2017). "Mass surveillance and technological policy options: Improving the security of private communications". Computer Standards & Interfaces. 50: 76–82. doi:10.1016/j.csi.2016.09.011. hdl:11556/375. ISSN 0920-5489.
  5. ^ "The new meaning of PII — can you ever be anonymous?: Case study: Is GPS data personal data?". October 18, 2022.
  6. ^ Valentino-DeVries, Jennifer; Singer, Natasha; Keller, Michael H.; Krolik, Aaron (2018-12-10). "Your Apps Know Where You Were Last Night, and They're Not Keeping It Secret". The New York Times. ISSN 0362-4331. Archived from the original on 2019-04-03. Retrieved 2019-04-03.
  7. ^ Pogue, David (January 2011). "Don't Worry about Who's watching". Scientific American. 304 (1): 32. Bibcode:2011SciAm.304a..32P. doi:10.1038/scientificamerican0111-32. PMID 21265322.
  8. ^ "The Value of Privacy by Bruce Schneier". Schneier.com. Archived from the original on 2022-05-02. Retrieved 2015-02-09.
  9. ^ Bruce Schneier (May 18, 2006). "The Eternal Value of Privacy by Bruce Schneier". Wired.com. Archived from the original on 2017-05-10. Retrieved 2016-07-19.
  10. ^ a b Kang, Jerry (1998-01-01). "Information Privacy in Cyberspace Transactions". Stanford Law Review. 50 (4): 1193–1294. doi:10.2307/1229286. JSTOR 1229286.
  11. ^ Kang, Jerry (1998). "Information Privacy in Cyberspace Transactions". Stanford Law Review. 50 (4): 1193–1294. doi:10.2307/1229286. JSTOR 1229286.
  12. ^ "Preventing Identity Theft and Other Cyber Crimes". onguardonline.gov. Archived from the original on 2012-03-30. Retrieved 2011-10-21.
  13. ^ No Author. Washington State Office of the Attorney General. (2008). "Families and Educators: Information is Permanent". Archived 2011-10-05 at the Wayback Machine
  14. ^ Mediati, N. (2010). "The Most Dangerous Places on the Web". PC World, 28(11), 72–80.
  15. ^ Grimmelmann, James (2009). "Saving Facebook". Iowa Law Review. pp. 1137–1206. Archived from the original on 2021-04-29. Retrieved 2013-02-12.
  16. ^ Cyphers, Bennett (2019-12-02). "Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance". Electronic Frontier Foundation. Archived from the original on 2022-02-13. Retrieved 2020-03-09.
  17. ^ a b O'Connor, Cozen (2020-02-14). "What Is A "Reasonable Link" Under CCPA? | Lexology". www.lexology.com. Archived from the original on 2022-02-13. Retrieved 2020-03-05.
  18. ^ Coleman, June (2020-02-20). "CCPA Clarity in California". ACA International. Archived from the original on 2022-02-15. Retrieved 2020-03-05.
  19. ^ "IP Addresses No Longer Protected in Alberta". Canadian Lawyer Magazine. 2020-02-11. Archived from the original on 2022-02-15. Retrieved 2020-03-05.
  20. ^ Krishnamurthy B, Wills CE. (2009). "On the Leakage of Personally Identifiable Information Via Online Social Networks" Archived 2011-08-17 at the Wayback Machine.
  21. ^ "New net rules set to make cookies crumble". BBC. 2011-03-08. Archived from the original on 2018-08-10. Retrieved 2018-06-20.
  22. ^ Edmond Lee (2011-05-06). "Sen. Rockefeller: Get Ready for a Real Do-Not-Track Bill for Online Advertising". Adage.com. Archived from the original on 2011-08-24. Retrieved 2012-09-17.
  23. ^ "Trust and Privacy Online: Why Americans Want to Rewrite the Rules". Pew Internet & American Life Project. Released Aug. 20, 2000 Archived 2012-01-13 at the Wayback Machine
  24. ^ "Six Common Internet Privacy Myths". Daniel Dent. 2014-10-23. Archived from the original on 2022-02-15. Retrieved 2014-10-24.
  25. ^ Burgess, Matt. "Google Has a New Plan to Kill Cookies. People Are Still Mad". Wired. ISSN 1059-1028. Retrieved 2023-05-14.
  26. ^ Soltani, Ashkan. "Flash Cookies and Privacy". University of California, Berkeley. Archived from the original on 27 July 2014. Retrieved 3 February 2012.
  27. ^ Heyman, R.; Pierson, J. (2011). "Social media and cookies: challenges for online privacy". The Journal of Policy, Regulation and Strategy for Telecommunications, Information and Media. 13: 30–42.
  28. ^ Benninger, Corey. "A Look At Flash Cookies and Internet Explorer Persistence" (PDF). McAfee, Inc. Archived from the original (PDF) on 2012-06-17. Retrieved 3 February 2012.
  29. ^ "How to disable Flash in Firefox". electrictoolbox.com. November 2009. Archived from the original on 2012-09-20. Retrieved 2012-09-17.
  30. ^ "Adobe - Web Players". adobe.com. Archived from the original on 2012-09-19. Retrieved 2012-09-17.
  31. ^ "Security Bulletins and Advisories". adobe.com. Archived from the original on 2010-04-06. Retrieved 2012-09-17.
  32. ^ "Alert for CVE-2012-4681". oracle.com. Archived from the original on 2019-10-10. Retrieved 2012-09-17.
  33. ^ Julia Angwin; Jennifer Valentino-DeVries (April 22, 2011). "Apple, Google Collect User Data". The Wall Street Journal. Archived from the original on 30 March 2014. Retrieved 26 May 2014.
  34. ^ "'Evercookie' is one cookie you don't want to bite". September 20, 2010. Archived from the original on 2011-12-23.
  35. ^ Schneier
  36. ^ "Personal information gathering sites". GitBook. Archived from the original on 2018-03-21. Retrieved 2018-03-21.
  37. ^ Boerman, Sophie C.; Kruikemeier, Sanne; Zuiderveen Borgesius, Frederik J. (2017). "Online Behavioral Advertising: A Literature Review and Research Agenda". Journal of Advertising. 46 (3): 363–376. doi:10.1080/00913367.2017.1339368. hdl:11245.1/30b8da2b-de05-4ad9-8e43-ce05eda657e5.
  38. ^ "Nevercookie Eats Evercookie With New Firefox Plugin" Archived 2012-02-10 at the Wayback Machine. SecurityWeek.Com (2010-11-10). Retrieved on 2013-08-16.
  39. ^ Andrea Fortuna (2017-11-06). "What is Canvas Fingerprinting and how the companies use it to track you online | So Long, and Thanks for All the Fish". Retrieved 2019-12-13.
  40. ^ BigCommerce (2019-12-12). "What is cross-device tracking?". BigCommerce. Retrieved 2019-12-13.
  41. ^ "What is online tracking and how do websites track you?". Koofr blog. Retrieved 2019-12-13.
  42. ^ "Cookies - Definition - Trend Micro USA". www.trendmicro.com. Retrieved 2019-12-13.
  43. ^ "Session replay", Wikipedia, 2019-10-15, retrieved 2019-12-13
  44. ^ "FullStory | Build a More Perfect Digital Experience | FullStory". www.fullstory.com. Retrieved 2021-04-05.
  45. ^ "Redirect tracking protection - Privacy, permissions, and information security | MDN". developer.mozilla.org. Retrieved 2022-06-29.
  46. ^ Goodin, Dan (2021-02-19). "New browser-tracking hack works even when you flush caches or go incognito". Ars Technica. Retrieved 2021-02-21.
  47. ^ "Federated Learning Component". source.chromium.org. Retrieved 2023-02-27.
  48. ^ Cyphers, Bennett (2021-03-03). "Google's FLoC Is a Terrible Idea". Electronic Frontier Foundation. Retrieved 2021-03-05.
  49. ^ Patringenaru, Ioana. "New web tracking technique is bypassing privacy protections". University of California-San Diego via techxplore.com. Retrieved 18 January 2023.
  50. ^ a b Randall, Audrey; Snyder, Peter; Ukani, Alisha; Snoeren, Alex C.; Voelker, Geoffrey M.; Savage, Stefan; Schulman, Aaron (25 October 2022). "Measuring UID smuggling in the wild". Proceedings of the 22nd ACM Internet Measurement Conference. Association for Computing Machinery. pp. 230–243. doi:10.1145/3517745.3561415. ISBN 9781450392594. S2CID 250494286.
  51. ^ "Google to 'phase out' third-party cookies in Chrome". The Verge. 2020-01-14. Archived from the original on 2022-02-14. Retrieved 2020-07-09.
  52. ^ "Preventing data leaks by stripping path information in HTTP Referrers". Mozilla Security Blog. 2018-01-31. Archived from the original on 2020-06-17. Retrieved 2020-07-08.
  53. ^ Cackley, Alicia Puente (2019). "INTERNET PRIVACY: Additional Federal Authority Could Enhance Consumer Protection and Provide Flexibility". United States Government Accountability Office: 1–57.
  54. ^ In the Face of Danger: Facial Recognition and the Limits of Privacy Law. (2007). Retrieved from Harvard, Harvard Law Review Archived 2010-08-02 at the Wayback Machine
  55. ^ "Data Policy". facebook.com. Archived from the original on 2009-04-30. Retrieved 2010-10-14.
  56. ^ "Celebrities' Photos, Videos May Reveal Location". ABC. 16 July 2010. Archived from the original on 28 May 2014. Retrieved 27 May 2014.
  57. ^ "Online photos can reveal our private data say, experts". BBC News. August 3, 2011. Archived from the original on November 23, 2017. Retrieved June 20, 2018.
  58. ^ "More Than Facial Recognition – Carnegie Mellon University". Cmu.edu. Archived from the original on 2011-11-25. Retrieved 2011-11-22.
  59. ^ a b c Rodrigues, Jason (29 November 2009). "Rodrigues, J. (November 29, 2009). Google Street View's headaches around the world. The Guardian". TheGuardian.com. Archived from the original on February 2, 2017. Retrieved December 17, 2016.
  60. ^ a b Shankland, S. (2008-05-13). "Google begins blurring faces in Street View". CNet News. Archived from the original on 2013-12-04. Retrieved 2011-10-20.
  61. ^ a b c Elwood, S.; Leszczynski, A. (2011). "Privacy, reconsidered: New representations, data practices, and the geoweb". Geoforum. 42: 6–15. doi:10.1016/j.geoforum.2010.08.003.
  62. ^ "Online Privacy: Using the Internet Safely - Privacy Rights Clearinghouse". privacyrights.org. Archived from the original on 2011-01-15. Retrieved 2011-01-23.
  63. ^ "AOL's disturbing glimpse into users' lives". CNET. CBS Interactive. Archived from the original on 2012-10-26. Retrieved 2011-05-20.
  64. ^ Dye, Jessica. "Consumer Privacy Advocates Seek Search Engine Solution". EContent. Archived from the original on 2013-05-10. Retrieved 2011-10-20.
  65. ^ Babic, Filip (2013). "Rethinking Online Privacy Litigation as Google Expands Use of Tracking: Giving Meaning to Our Online Browsing and the Federal Wiretap Act". Hastings Communications and Entertainment Law Journal. 36 (2): 471–488. Archived from the original on 2018-09-26. Retrieved 2018-09-26 – via BerkeleyLaw Library.
  66. ^ Pariser, Eli. "The Troubling Future of Internet Search". The Free Library. Archived from the original on 2019-10-30. Retrieved 2011-10-20.
  67. ^ Blakeman, Karen. "What Search Engines Know About You". Online (Weston, Connecticut). Retrieved 2011-10-20.
  68. ^ Cain Miller, C. (2012, January 25). "A New Policy On Privacy From Google". The New York Times, p. B3
  69. ^ "Steinhauser, G. (2012, February 3). Google's Privacy Policy Changes Prompt EU Probe. The Huffington Post". HuffPost. Archived from the original on 2016-03-04. Retrieved 2020-02-20.
  70. ^ Miller, Claire (January 24, 2012). "Google To Update Privacy Policy to Cover Wider Data Use". New York Times. Archived from the original on May 12, 2013. Retrieved Feb 6, 2012.
  71. ^ "Reuters. (2012, February 1). Google defends change to privacy policies. Chicago Tribune". Chicago Tribune. Archived from the original on 2012-02-06. Retrieved 2012-02-05.
  72. ^ James Canter, "E.U. Presses Google to Delay Privacy Policy Changes" Archived 2017-06-30 at the Wayback Machine 'The New York Times,' February 3, 2012
  73. ^ Jay Perry, "Facebook vs. Canada. It's about to get ugly." Archived 2011-12-04 at the Wayback Machine 'Techi,' May 22, 2010
  74. ^ Robert McMillan, "Google Relents, Will Hand Over European Wi-Fi Data" Archived 2013-04-20 at the Wayback Machine 'PCWorld,' June 3, 2010
  75. ^ "Google privacy policy is subject of backlash" Archived 2017-07-18 at the Wayback Machine 'The Washington Post.'
  76. ^ Jillian York "A Case for Pseudonyms" Archived 2012-01-14 at the Wayback Machine EFF.org, July 29, 2011
  77. ^ World, PC. "People Search Engines: Limit the Information They Can Collect". PC World. Archived from the original on 2012-10-21. Retrieved 2011-10-20.
  78. ^ "Tor Status". Tor. Archived from the original on 2016-01-21. Retrieved 2017-04-13.
  79. ^ Young, Alyson Leigh (2013). "Privacy Protection Strategies on Facebook". Information, Communication & Society. 16 (4): 479–500. doi:10.1080/1369118X.2013.777757. S2CID 146232739.
  80. ^ "Lawsuit Claiming Facebook Scanned Private Messages to Better Target Ads Moves Forward". Newsweek. December 26, 2014.
  81. ^ Minen, Mia T.; Stieglitz, Eric J.; Sciortino, Rose; Torous, John (2018). "Privacy Issues in Smartphone Applications: An Analysis of Headache/Migraine Applications". Headache: The Journal of Head and Face Pain. 58 (7): 1014–1027. doi:10.1111/head.13341. ISSN 1526-4610. PMC 6347475. PMID 29974470.
  82. ^ "Guillermo Arduino (2014, December 13). A simple Security Protocol which does not require special software CNN Technology CLIXCNN". YouTube. Archived from the original on 2015-05-14. Retrieved 2015-01-06.
  83. ^ "Online Privacy: Using the Internet Safely | Privacy Rights Clearinghouse". Privacyrights.org. Archived from the original on 2011-10-20. Retrieved 2011-11-22.
  84. ^ "UN warns on password 'explosion'". BBC News. 2006-12-04. Archived from the original on 2009-04-25. Retrieved 2011-11-25.
  85. ^ Peter Fleischer, Jane Horvath, Shuman Ghosemajumder (2008). "Celebrating data privacy". Google Blog. Archived from the original on 20 May 2011. Retrieved 12 August 2011.{{cite web}}: CS1 maint: multiple names: authors list (link)
  86. ^ "Document Shows How Phone Cos. Treat Private Data". Associated Press. September 29, 2011. Archived from the original on 2019-05-13. Retrieved 2011-09-29. T-Mobile USA doesn't keep any information on Web browsing activity. Verizon, on the other hand, keeps some information for up to a year that can be used to ascertain if a particular phone visited a particular Web site. According to the sheet, Sprint Nextel Corp.'s Virgin Mobile brand keeps the text content of text messages for three months. Verizon keeps it for three to five days. None of the other carriers keep texts at all, but they keep records of who texted who for more than a year. The document says AT&T keeps for five to seven years a record of who text messages who—and when, but not the content of the messages. Virgin Mobile only keeps that data for two to three months.
  87. ^ a b "Privacy, Web Storage". WHATWG. Archived from the original on 6 January 2013. Retrieved 11 December 2012.
  88. ^ Vega, Tanzina (11 October 2010). "Vega, T. (2010, October 10). New web code draws concern over privacy risks. The New York Times". The New York Times. Archived from the original on 2017-06-30. Retrieved 2017-02-24.
  89. ^ "Capturing Audio & Video in HTML5". Archived from the original on 13 December 2012. Retrieved 11 December 2012.
  90. ^ "HTML5 and Security on the New Web: Promise and problems for privacy and security". Sophos. Archived from the original on 10 February 2013. Retrieved 11 December 2012.
  91. ^ "What are HTML5 Security and Privacy Issues?". W3C. Archived from the original on 18 November 2012. Retrieved 11 December 2012.
  92. ^ Hill, Brad (February 2013). "HTML5 Security Realities". Archived from the original on 26 February 2013. Retrieved 23 February 2013. Rich web apps are not new, and HTML5 offers big security improvements compared to the proprietary plugin technologies it's actually replacing.
  93. ^ "HTML Templates". W3C. 23 February 2013. Archived from the original on 2013-03-10. Retrieved 23 February 2013.
  94. ^ Kosinski, Michal; Stillwell, D.; Graepel, T. (2013). "Private traits and attributes are predictable from digital records of human behaviour". Proceedings of the National Academy of Sciences. 110 (15): 5802–5805. Bibcode:2013PNAS..110.5802K. doi:10.1073/pnas.1218772110. PMC 3625324. PMID 23479631.
  95. ^ "Big Data – What Is It?". SAS. Archived from the original on 16 January 2013. Retrieved 12 December 2012.
  96. ^ Arp, Daniel (2017). "Privacy Threats through Ultrasonic Side Channels on Mobile Devices". 2017 IEEE European Symposium on Security and Privacy (EuroS&P). pp. 1–13. doi:10.1109/EuroSP.2017.33. ISBN 978-1-5090-5762-7. S2CID 698921.
  97. ^ Momen, Nurul (2020). Measuring Apps' Privacy-Friendliness: Introducing transparency to apps' data access behavior (Doctoral thesis). Karlstad University. ISBN 978-91-7867-137-3. ORCID 0000-0002-5235-5335. Archived from the original on 2023-01-17. Retrieved 2020-09-16.
  98. ^ a b "Resources and Tools for IT Professionals | TechNet". Archived from the original on 2008-08-20. Retrieved 2017-08-26.
  99. ^ Goodchild, Joan (11 January 2010). "Social Engineering: The Basics". csoonline. Archived from the original on 22 September 2013. Retrieved 14 January 2010.
  100. ^ "Protect Your Privacy". TRUSTe. Archived from the original on 2012-11-26. Retrieved 2012-11-25.
  101. ^ a b Sengupta, Somini (17 July 2013). "Digital Tools to Curb Snooping". New York Times. Archived from the original on 2017-06-10.
  102. ^ "Top 5 Online Privacy Tips". Help Net Security. 2010-01-29. Archived from the original on 2013-06-05. Retrieved 2012-11-23.
  103. ^ Huge Security Flaw Leaks VPN Users' Real IP-addresses Archived 2021-01-08 at the Wayback Machine TorrentFreak.com (2015-01-30). Retrieved on 2015-02-21.
  104. ^ "The WIRED Guide to Your Personal Data (and Who Is Using It)". Wired. ISSN 1059-1028. Archived from the original on 2021-08-04. Retrieved 2021-07-31.
  105. ^ Cofone, Ignacio (2023). The Privacy Fallacy: Harm and Power in the Information Economy. New York: Cambridge University Press. ISBN 9781108995443.
  106. ^ The Revolution Will Not Be Monetized Archived 2014-06-14 at the Wayback Machine, in the July–August 2014 issue of Inc. magazine
  107. ^ Wallen, Jack (24 October 2018). "How to use Ublock Origin and Privacy Badger to prevent browser tracking in Firefox". TechRepublic. Retrieved 3 February 2023.
  108. ^ a b "Our Favorite Ad Blockers and Browser Extensions to Protect Privacy". The New York Times. 10 January 2023. Retrieved 3 February 2023.
  109. ^ "Mozilla unveils Total Cookie Protection for Firefox Focus on Android". ZDNET. Retrieved 3 February 2023.
  110. ^ Chen, Brian X. (31 March 2021). "If You Care About Privacy, It's Time to Try a New Web Browser". The New York Times. Retrieved 3 February 2023.
  111. ^ "Firefox enables its anti-tracking feature by default". Engadget. Retrieved 3 February 2023.
  112. ^ "What is an Opt Out Cookie? - All about Cookies". www.allaboutcookies.org. 27 September 2018. Retrieved 2019-11-11.
  113. ^ "Think you're anonymous online? A third of popular websites are 'fingerprinting' you". Washington Post.
  114. ^ "Firefox 42.0 release notes".
  115. ^ Katz, Sarah. "Firefox 87 reveals SmartBlock for private browsing". techxplore.com. Retrieved 3 February 2023.
  116. ^ Abdulaziz Saad Bubukayr, Maryam; Frikha, Mounir (2022). "Web Tracking Domain and Possible Privacy Defending Tools: A Literature Review". Journal of Cybersecurity. 4 (2): 79–94. doi:10.32604/jcs.2022.029020. ISSN 2579-0064.
  117. ^ Lundblad, Nicklas (2010). "Privacy in the Noise Society" (PDF). Stockholm Institute for Scandinavian Law. Archived (PDF) from the original on 29 November 2014. Retrieved 23 November 2014.
  118. ^ a b Miyazaki, A. D.; Fernandez, A. (2001). "Consumer Perceptions of Privacy and Security Risks for Online Shopping". Journal of Consumer Affairs. 35 (1): 38–39. doi:10.1111/j.1745-6606.2001.tb00101.x. S2CID 154681339.
  119. ^ "Menn, J. (Feb. 19, 2012), Data Collection Arms Race Feeds Privacy Fears. Reuters". Reuters. 19 February 2012. Archived from the original on 2022-04-04. Retrieved 2021-07-06.
  120. ^ a b c Milne, G. R.; Culnan, M. J. (2004). "Strategies for reducing online privacy risks: Why consumers read (or don't read) online privacy notices". J. Interactive Mark. 18 (3): 24–25. doi:10.1002/dir.20009. S2CID 167497536.
  121. ^ a b Krapf, E. (2007). "A Perspective On Internet Security". Business Communications Review, 37(6), 10–12.
  122. ^ a b Kandra, Anne. (2001, July). "The myth of secure e-shopping". PC World, 19(7), 29–32.
  123. ^ Langford, D. (Ed.). (2000). Internet Ethics. Houndmills: MacMillan Press Ltd.
  124. ^ a b "Pew Research -". pewinternet.org. Archived from the original on 2008-02-25. Retrieved 2012-05-02.
  125. ^ a b de Cornière, Alexandre; de Nijs, Romain (2016-02-01). "Online advertising and privacy". The RAND Journal of Economics. 47 (1): 48–72. CiteSeerX 10.1.1.406.8570. doi:10.1111/1756-2171.12118. ISSN 1756-2171.
  126. ^ Gangadharan, Seeta Peña (2015-11-09). "The downside of digital inclusion: Expectations and experiences of privacy and surveillance among marginal Internet users". New Media & Society. 19 (4): 597–615. doi:10.1177/1461444815614053. ISSN 1461-4448. S2CID 13390927.
  127. ^ Barocas, Solon; Selbst, Andrew D. (2016). "Big Data's Disparate Impact". SSRN Electronic Journal. doi:10.2139/ssrn.2477899. ISSN 1556-5068. Archived from the original on 2023-01-17. Retrieved 2021-11-02.
  128. ^ a b c Jansen, Nani (2021-05-29). "How Artificial Intelligence Impacts Marginalised Groups". Digital Freedom Fund. Archived from the original on 2021-11-02. Retrieved 2021-11-02.
  129. ^ Olick, Diana (2020-08-19). "A troubling tale of a Black man trying to refinance his mortgage". CNBC. Archived from the original on 2021-11-02. Retrieved 2021-11-02.
  130. ^ Beduschi, Ana (2020-02-10). "International migration management in the age of artificial intelligence". Migration Studies. 9 (3): 576–596. doi:10.1093/migration/mnaa003.
  131. ^ a b "Directive 2009/136/EC of the European Parliament and of the Council". Official Journal of the European Union. 337: 11–36. 18 December 2009. Retrieved 4 January 2024.
  132. ^ "Regulation (EU) 2016/679 of the European Parliament and of the Council". Official Journal of the European Union. 119: 1–88. 4 May 2016. Retrieved 4 January 2024.
  133. ^ Skiera, Bernd (2022). The impact of the GDPR on the online advertising market. Klaus Miller, Yuxi Jin, Lennart Kraft, René Laub, Julia Schmitt. Frankfurt am Main. ISBN 978-3-9824173-0-1. OCLC 1303894344.{{cite book}}: CS1 maint: location missing publisher (link)
  134. ^ "Security risks of logging in with facebook". Wired. 2 July 2020. Archived from the original on 3 July 2020. Retrieved 3 July 2020.
  135. ^ "The GDPR and Browser Fingerprinting: How It Changes the Game for the Sneakiest Web Trackers". European Frontier Foundation. 2 July 2020. Archived from the original on 2 August 2020. Retrieved 3 July 2020.
  136. ^ "e-Privacy Regulation victim of a "lobby onslaught"". European Digital Rights. 2 July 2020. Archived from the original on 4 July 2020. Retrieved 3 July 2020.
  137. ^ "JUDGMENT OF THE COURT 1/10/2019". Court of Justice of the European Union. 2 July 2020. Archived from the original on 3 July 2020. Retrieved 3 July 2020.
  138. ^ Dong, Fan (2012-05-28). "Controlling the internet in China: The real story". Convergence. 18 (4): 403–425. doi:10.1177/1354856512439500. S2CID 144146039. Archived from the original on 2020-10-27. Retrieved 2020-10-23.
  139. ^ Branigan, Tania (2011-07-26). "China boosts internet surveillance". The Guardian. Archived from the original on 2018-01-28. Retrieved 2018-01-28.
  140. ^ Kahn, Joseph (2005-09-08). "Yahoo helped Chinese to prosecute journalist (Published 2005)". The New York Times. ISSN 0362-4331. Archived from the original on 2021-04-04. Retrieved 2021-03-04.
  141. ^ Han, Dong (12 April 2017). "The Market Value of Who We Are: The Flow of Personal Data and Its Regulation in China". Media and Communication. 5 (2): 21–30. doi:10.17645/mac.v5i2.890.
  142. ^ a b c Zhang, Angela Huyue (2024). High Wire: How China Regulates Big Tech and Governs Its Economy. Oxford University Press. ISBN 9780197682258.
  143. ^ Öman, Sören. "Implementing Data Protection in Law" (PDF). Archived (PDF) from the original on 19 August 2017. Retrieved 10 May 2017.
  144. ^ "Online Privacy Law: Sweden". www.loc.gov. Law Library of Congress. 10 May 2017. Archived from the original on 23 November 2017. Retrieved 10 May 2017.
  145. ^ "Do as the Swedes do? Internet policy and regulation in Sweden – a snapshot" | Internet Policy Review Archived 2014-04-15 at the Wayback Machine. Policyreview.info. Retrieved on 2014-05-25.
  146. ^ "What I've Learned: Andy Grove" Archived 2015-01-20 at the Wayback Machine, Esquire Magazine, 1 May 2000
  147. ^ "Privacy law's hidden roadblock: Americans' beliefs" Archived 2022-10-05 at the Wayback Machine Margaret Harding McGill, Axios, August 22, 2022. Retrieved October 5, 2022.
  148. ^ a b c d Kindy, Kimberly (2017-05-30). "How Congress dismantled federal Internet privacy rules". Washington Post. Archived from the original on 2017-07-30.
  149. ^ Kelly, Heather. "California passes strictest online privacy law in the country". CNNMoney. Archived from the original on 2022-02-19. Retrieved 2018-06-29.
  150. ^ "California passes nation's toughest online privacy law". USA TODAY. Archived from the original on 2018-06-28. Retrieved 2018-06-29.
  151. ^ "California Passes A Sweeping New Data Privacy Law". Time. Archived from the original on 2018-07-03. Retrieved 2018-06-29.
  152. ^ "Police set to step up hacking of home PCs". London: Timesonline.co.uk. Archived from the original on 2011-09-29. Retrieved 2011-11-25.
  153. ^ "FBI 'Lantern' Software Does Log Keystrokes". Rumormillnews.com. Archived from the original on 2012-06-23. Retrieved 2011-11-25.
  154. ^ "Internet Privacy". Gale encyclopedia of everyday law. 2013. Archived from the original on 12 November 2018. Retrieved 26 October 2018.
  155. ^ Livingstone, Sonia, Mariya Stoilova, and Rishita Nandagiri. "Children's data and privacy online: growing up in a digital age: an evidence review." (2019).

Further reading

[edit]
[edit]